Security News
Cybersecurity Advisory warns of Russian-backed cyber threats to infrastructure. The cybersecurity authorities of the U.S., Australia, Canada, New Zealand, and the U.K. released a joint Cybersecurity Advisory on April 20, warning organizations based in these countries that Russia's invasion of Ukraine could expose them to increased rates of malicious cyber activity.
The National Association of Corporate Directors, SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange Commission's recently proposed rules and amendments on cybersecurity reporting requirements for public companies. The report concludes that the proposed rules, if enacted as currently drafted, would strengthen the ability of public companies, funds and advisors to combat cybersecurity threats and implement risk mitigation processes.
"Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups," added CISA Director Jen Easterly. The Five Eyes cybersecurity agencies recommends measures critical infrastructure orgs should take to harden their defenses and protect their information technology and operational technology networks against Russian state-sponsored and criminal cyber threats, including ransomware, destructive malware, DDoS attacks, and cyber espionage.
On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. "Security team managers are most concerned that current email security solutions do not block serious inbound threats, which requires time for response and remediation by the security team before dangerous threats are triggered by users," according to the report, released Wednesday.
In his blog post for Government Technology, he pointed out the significant rise of criminal copycats that deliver malware through software updates, the increase in mobile malware attacks, the packaging of malware with other threats that target specific organizations, and the weaponization of malicious software. Malware weaponization is particularly alarming in light of the geopolitical conflict the world is facing right now.
Hackers have created custom tools to control a range of industrial control system and supervisory control and data acquisition devices, marking the latest threat to a range of critical infrastructure in the United States, according to several government agencies. The tools enable threat groups to scan for, compromise, and eventually control affected device after gaining initial access to an organization's operational technology networks.
Splunk and Enterprise Strategy Group have released a research report examining the security issues facing modern enterprises. More than 1,200 security leaders participated in the survey and revealed that they've seen an increase in cyberattacks at the same time as their teams face widening talent gaps.
More than 1,200 security leaders participated in the survey, revealing they've seen an increase in cyberattacks while their teams are facing widening talent gaps. 64% of security professionals have stated that it's challenging to keep up with new security requirements, up from 49% a year ago.
Last December's Log4j crisis brought the danger of zero day vulnerabilities to the front pages. There is no way of knowing how many other open-source apps have zero day vulns, not to mention enterprise apps and APIs.
In this video for Help Net Security, Chris Westphal, Cybersecurity Evangelist at Ordr, talks about an alert that came out recently from CISA and the Department of Energy, about potential threats to uninterruptible power supply devices that are connected to the internet. UPS devices are used to provide emergency power, they're usually connected to critical infrastructure.