Skip to Content

Cybersecurity and Infosec News Headlines Update on 2022-11-30

Updated on 2022-11-30 Healthcare data breaches are getting out of hand, impacting millions of individuals every so often. One such breach at a pediatric health IT software company impacted over two million patients and their sensitive information. In another vein, a China-linked threat actor was found using USB devices for nefarious purposes. We also have …

Read More about Cybersecurity and Infosec News Headlines Update on 2022-11-30

GAO: US Department of Defense Needs to Improve Cyber Incident Reporting and Sharing

The US Government Accountability Office (GAO) says that the Department of Defense (DoD) needs to do a better job of reporting and sharing information about cybersecurity incidents. While DoD has taken steps that have reduced the number of cyber incidents it experiences, the agency “hasn’t fully implemented its processes for managing cyber incident, doesn’t have …

Read More about GAO: US Department of Defense Needs to Improve Cyber Incident Reporting and Sharing

Industry Group Says Third Party Providers Should be Exempt from CISA’s Incident Reporting Rule

The Information Technology Industry Council (ITIC) has responded to a CISA Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) regarding the scope of CIRCIA incident reporting requirements. In its response ITIC writes, “CISA should develop criteria based on criticality assessment to national and economic security when entities are …

Read More about Industry Group Says Third Party Providers Should be Exempt from CISA’s Incident Reporting Rule

Electric Vehicle Charging Infrastructure Cybersecurity

Scientists from Sandia and other US National Laboratories “recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies.” The vulnerabilities range from payment card skimming to taking control of an EV charger network. The paper includes proposed fixes and changes to the EV charging infrastructure. Note Remember that even the …

Read More about Electric Vehicle Charging Infrastructure Cybersecurity

US Senator Calls for Improved Healthcare Sector Cybersecurity

US Senator Mark Warner (D-Virginia) wants the Department of Health and Human Services. And the Cybersecurity and Infrastructure Security Agency (CFISA) to improve their collaboration in their efforts to protect the health care sector from cyberattacks. Warner has published a policy options paper that addresses “various challenges and proposals aimed at changing the way that …

Read More about US Senator Calls for Improved Healthcare Sector Cybersecurity

UK NCSC annual review

Updated on 2022-11-02: UK NCSC annual review The UK GCHQ National Cyber Security Centre has published its annual cybersecurity year-in-review report. To cut the chase short, here are the main takeaways: In 2022, the NCSC managed the response to hundreds of incidents, 63 of which were nationally significant. In 2022, 18 ransomware incidents required a …

Read More about UK NCSC annual review

Solved: What tool to calculate NIST Cyber Security Framework (CSF) score?

Question/Problem Description Is there an easy-to-use tool that I can use the NIST Cyber Security Framework (CSF) matrix and calculate a score, to know cybersecurity position? Solution #1 One tool that I am recommended is the CSET self assessment tool. CSET is a desktop software tool that guides asset owners and operators through a step-by-step …

Read More about Solved: What tool to calculate NIST Cyber Security Framework (CSF) score?

Solved: Which Email Header Analyzers identify source IP accurately?

Question/Problem Description Which Email Header Analyzers work best and most accurately when copying headers from Outlook email Some results are not consistent when identify the source IP easily and accurately. Solution Personally I use mxtoolbox, other email header analyzer you can try are Message Header Analyzer, MHA – Message Header Analyzer Add-in For Outlook, and …

Read More about Solved: Which Email Header Analyzers identify source IP accurately?

Security Advisories Notices Update on 2022-11-29

Amazon AWS Security Advisories Reported AWS AppSync Issue Jenkins Security Advisories Jenkins Security Advisory 2022-11-15 Mozilla Security Advisories Security Vulnerabilities fixed in Thunderbird 102.5 mfsa2022-49 Security Vulnerabilities fixed in Firefox ESR 102.5 mfsa2022-48 Security Vulnerabilities fixed in Firefox 107 mfsa2022-47 Amazon AWS Security Advisories OpenSSL Security Advisories – November 2022 Google Security Advisories Chrome Releases: …

Read More about Security Advisories Notices Update on 2022-11-29

UK’s Information Commissioner Fines Firm Over Inadequate Security

Updated on 2022-10-27:  Interserve fine The UK Information Commissioner Officer levied a massive £4.4 million ($5 million) fine against Interserve, a Berkshire-based construction company, for failing to update software and train staff, which eventually led to a ransomware attack during which the data of its employees was stolen by cybercriminals. Read more: ‘Biggest cyber risk …

Read More about UK’s Information Commissioner Fines Firm Over Inadequate Security

TSA Seeks Comments on Strengthening Pipeline and Rail Cybersecurity and Resiliency

Updated on 2022-11-30: TSA Seeks Comments on Strengthening Pipeline and Rail Cybersecurity and Resiliency The US Transportation Security Administration (TSA) has published an advance notice of proposed rulemaking “regarding ways to strengthen cybersecurity and resiliency in the pipeline and rail (including freight, passenger, and transit rail) sectors.” TSA is accepting public comments through January 17, …

Read More about TSA Seeks Comments on Strengthening Pipeline and Rail Cybersecurity and Resiliency

IRGC installed malware on phones of Iranian protesters following their arrest

BSI, the German cybersecurity agency, took down this week a web server used to control malware deployed by the Iranian government to spy on participants of recent anti-government protests. The server was identified over the weekend by Hamid Kashfi, a security engineer at Trail Of Bits, who confirmed a tip that the Islamic Revolutionary Guard …

Read More about IRGC installed malware on phones of Iranian protesters following their arrest

Operation Jackal Takes Down Cybercrime Organization

Updated on 2022-10-17:  Operation Jackal Takes Down Cybercrime Organization Interpol has announced the arrest of 75 people in connection with a cybercrime syndicate that has been perpetrating cyber fraud and using the spoils to fund other criminal activity. Operation Jackal involved law enforcement agents in 14 countries around the world. Officials raided nearly 50 properties …

Read More about Operation Jackal Takes Down Cybercrime Organization
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.