- U.S. unveils plan to improve cyber defenses for water utilities
January 27, 2022
The White House on Thursday unveiled a plan to beef up cybersecurity in the nation’s water sector, an extension of its efforts to thwart attacks against critical infrastructure including electricity and natural gas pipeline operators.
Senior administration officials said water facilities use automation and electronic networks that are vulnerable to cyber attacks, which could include producing ...
- Brazilian Ministry of Health recovers systems over a month after cyberattack
January 18, 2022
After a major cyberattack brought key systems of Brazil’s Ministry of Health (MoH) to a halt, the department has reported all its platforms are back online.
According to a statement released by the MoH on Friday (14), most systems have been reestablished following a cyberattack in early December 2021, including ConecteSUS, which holds COVID-19 vaccination data. ...
- The race towards renewable energy is creating new cybersecurity risks
January 14, 2022
The renewable energy industry is becoming more important as countries attempt to move away from fossil fuels, but the continued growth of the sector must be managed with cybersecurity in mind, or there’s the danger that vulnerabilities in everything from power plants down to smart meters could leave energy providers and their customers open to ...
- Cyberattack shuts down Albuquerque schools; county copes with ransomware incident
January 13, 2022
School officials in Albuquerque, New Mexico have cancelled classes for Thursday and Friday due to a cyberattack. The shutdown took place just days after a ransomware attack hit government services across Bernalillo County.
In a statement posted to the Albuquerque Public Schools (APS) website, officials said schools will remain closed “as the district continues to investigate ...
- Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry
January 13, 2022
The Lazarus, Cobalt, and FIN7 hacking groups have been labeled as the most prevalent threat actors striking financial organizations today.
According to “Follow the Money,” a new report published on the financial sector by Outpost24’s Blueliv on Thursday, members of these groups are the major culprits of theft and fraud in the industry today.
The financial sector ...
- Maryland officials confirm ransomware attack shut down Department of Health
January 12, 2022
Maryland officials confirmed on Wednesday that state’s Department of Health is dealing with a devastating ransomware attack, which has left hospitals struggling amid a surge of COVID-19 cases.
In a statement released on Wednesday, Maryland Chief Information Security Officer Chip Stewart said the attack began on December 4 and crippled their systems.
“We have paid no extortion ...
- Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
January 11, 2022
This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA)—is part of our continuing cybersecurity mission to warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats. This CSA provides an overview of Russian state-sponsored ...
- TSA to impose cybersecurity mandates on railroad and aviation industries
January 6, 2022
The Transportation Security Administration will impose new cybersecurity mandates on the railroad and airline industries, including reporting requirements as part of a department effort to force compliance in the wake of high-profile cyberattacks on critical industries, Homeland Security Secretary Alejandro Mayorkas announced Wednesday.
DHS is moving to require more companies in critical transportation industries to meet ...
- UK: Three flights diverted as Gatwick Airport air traffic control suffers IT issues
January 6, 2022
Three flights have been diverted from Gatwick Airport due to IT issues in the air traffic control tower.
Two British Airways flights were diverted to Heathrow Airport while one easyJet flight was redirected to London Luton Airport, a spokesperson for the airport told Sky News.
One British Airways plane was travelling from Belfast while the other was ...
- Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’
January 3, 2022
This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15.
In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...
- Top 10 healthcare breaches in the U.S. exposed data of 19 million
December 31, 2021
The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties.
Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than ...
- Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
December 23, 2021
Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to easily release log statements without modifying the code. This means that it has an expansive ...
- Fulfilling Security Requirements for the Transportation Sector
December 23, 2021
Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they ...
- Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
December 22, 2021
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) ...