Updated on 2022-11-30 Healthcare data breaches are getting out of hand, impacting millions of individuals every so often. One such breach at a pediatric health IT software company impacted over two million patients and their sensitive information. In another vein, a China-linked threat actor was found using USB devices for nefarious purposes. We also have …
The US Government Accountability Office (GAO) says that the Department of Defense (DoD) needs to do a better job of reporting and sharing information about cybersecurity incidents. While DoD has taken steps that have reduced the number of cyber incidents it experiences, the agency “hasn’t fully implemented its processes for managing cyber incident, doesn’t have …
The Information Technology Industry Council (ITIC) has responded to a CISA Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) regarding the scope of CIRCIA incident reporting requirements. In its response ITIC writes, “CISA should develop criteria based on criticality assessment to national and economic security when entities are …
Scientists from Sandia and other US National Laboratories “recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies.” The vulnerabilities range from payment card skimming to taking control of an EV charger network. The paper includes proposed fixes and changes to the EV charging infrastructure. Note Remember that even the …
Updated on 2022-11-16 A report by the Center for Internet Security stated that K-12 schools remain a top target for cyberattacks as 81% have not implemented proper MFA, while 29% have no MFA at all. Read more: Report: K-12 Orgs Concerned about Security Budget, Threats Overview: CIS MS-ISAC Report: K-12 Schools Cybersecurity Concerns A report …
US Senator Mark Warner (D-Virginia) wants the Department of Health and Human Services. And the Cybersecurity and Infrastructure Security Agency (CFISA) to improve their collaboration in their efforts to protect the health care sector from cyberattacks. Warner has published a policy options paper that addresses “various challenges and proposals aimed at changing the way that …
Updated on 2022-11-02: UK NCSC annual review The UK GCHQ National Cyber Security Centre has published its annual cybersecurity year-in-review report. To cut the chase short, here are the main takeaways: In 2022, the NCSC managed the response to hundreds of incidents, 63 of which were nationally significant. In 2022, 18 ransomware incidents required a …
Question/Problem Description Is there an easy-to-use tool that I can use the NIST Cyber Security Framework (CSF) matrix and calculate a score, to know cybersecurity position? Solution #1 One tool that I am recommended is the CSET self assessment tool. CSET is a desktop software tool that guides asset owners and operators through a step-by-step …
Question/Problem Description Which Email Header Analyzers work best and most accurately when copying headers from Outlook email Some results are not consistent when identify the source IP easily and accurately. Solution Personally I use mxtoolbox, other email header analyzer you can try are Message Header Analyzer, MHA – Message Header Analyzer Add-in For Outlook, and …
Amazon AWS Security Advisories Reported AWS AppSync Issue Jenkins Security Advisories Jenkins Security Advisory 2022-11-15 Mozilla Security Advisories Security Vulnerabilities fixed in Thunderbird 102.5 mfsa2022-49 Security Vulnerabilities fixed in Firefox ESR 102.5 mfsa2022-48 Security Vulnerabilities fixed in Firefox 107 mfsa2022-47 Amazon AWS Security Advisories OpenSSL Security Advisories – November 2022 Google Security Advisories Chrome Releases: …
Updated on 2022-10-27: Interserve fine The UK Information Commissioner Officer levied a massive £4.4 million ($5 million) fine against Interserve, a Berkshire-based construction company, for failing to update software and train staff, which eventually led to a ransomware attack during which the data of its employees was stolen by cybercriminals. Read more: ‘Biggest cyber risk …
Updated on 2022-11-30: TSA Seeks Comments on Strengthening Pipeline and Rail Cybersecurity and Resiliency The US Transportation Security Administration (TSA) has published an advance notice of proposed rulemaking “regarding ways to strengthen cybersecurity and resiliency in the pipeline and rail (including freight, passenger, and transit rail) sectors.” TSA is accepting public comments through January 17, …
BSI, the German cybersecurity agency, took down this week a web server used to control malware deployed by the Iranian government to spy on participants of recent anti-government protests. The server was identified over the weekend by Hamid Kashfi, a security engineer at Trail Of Bits, who confirmed a tip that the Islamic Revolutionary Guard …
Updated on 2022-10-17: Operation Jackal Takes Down Cybercrime Organization Interpol has announced the arrest of 75 people in connection with a cybercrime syndicate that has been perpetrating cyber fraud and using the spoils to fund other criminal activity. Operation Jackal involved law enforcement agents in 14 countries around the world. Officials raided nearly 50 properties …
Question A term called “Data-Driven Defense Evangelist” thrown during the meeting, I have googled it and what I can gather is that are computer systems inefficient in security defenses that most companies assume that they can easily be breached in turn get or setup “A data-driven computer security defense” that will assist right threats and …
