Readout Of CISA Call With Critical Infrastructure Partners On Log4j Vulnerabilities And The Need For Increased Vigilance This Holiday Season

WASHINGTON – This afternoon, the Cybersecurity and Infrastructure Security Agency (CISA) held a call with critical infrastructure entities from the public and private sectors to emphasize the importance of remaining vigilant against cyber threats over the holiday season, particularly with Read More …

Sensitive information of 30k Florida healthcare workers exposed in unprotected database

More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password protected database, according to security researcher Jeremiah Fowler and a team of ethical hackers with Website Planet. Fowler discovered a database run by Gale Healthcare Read More …

Indicators of Compromise Associated with Cuba Ransomware

The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors. Cuba ransomware Read More …

DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators

WASHINGTON – DHS’s Transportation Security Administration (TSA) today announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. Read More …

Railway Cybersecurity – Good Practices in Cyber Risk Management

This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust cyber Read More …

Sophisticated Tardigrade malware launches attacks on vaccine manufacturing infrastructure

Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. The warning comes from the non-profit Bioeconomy Information Sharing and Analysis Center (BIO-ISAC) which revealed that Read More …

TSA makes changes to new cyber requirements after industry feedback

The Transportation Security Administration is softening the deadlines on new cybersecurity requirements for major passenger and freight rail operators, as the agency’s leader said it learned from efforts earlier this year to begin regulating the cybersecurity of the pipeline sector. Read More …

Iranian Government-Sponsored APT Cyber Actors Exploiting MS Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) Read More …

On the Watch for Incident Response Capabilities in the Health Sector

The meetings of the CSIRT Network and the CyCLONe taking place these days in Ljubljana and online, have set the stage for the publication of the new report on CSIRT capabilities for increased efficiency of incident response tools and processes Read More …

Ukraine links members of Gamaredon hacker group to Russian FSB

SSU and the Ukrainian secret service say they have identified five members of the Gamaredon hacking group, a Russian state-sponsored operation known for targeting Ukraine since 2014. This Gamaredon hacking group, tracked as Armageddon by the SSU, is allegedly operated Read More …