Ransomware Awareness for Holidays and Weekends

CISA and the FBI have released an advisory warning of potential cyberattacks that may occur over the coming Labor Day weekend, noting that in recent years hackers have launched dozens of devastating attacks on long weekends. They urged organizations to Read More …

API Releases New Standard for Pipeline Control Systems

On August 18, 2021, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017—a result of expert input from over 70 organizations, including the US’s Department Read More …

Biden to host summit with tech moguls on combating cyberattacks

United States President Joe Biden is set to host leaders from the country’s largest technology and finance firms at the White House on Wednesday to discuss how to shore up their cybersecurity defences in the face of increasingly complex attacks. Read More …

Pakistan: Neglect caused Federal Board of Revenue cyber-attack

Despite knowing that its information technology equipment is obsolete and some of its software is outdated, the Federal Board of Revenue (FBR) did not make any serious effort to upgrade them, which resulted into hacking of the data centres. The Read More …

The Next Disruptive ICS Attacker: An Advanced Persistent Threat (APT)?

No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have Read More …

CISA Alert: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a BadAlloc vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries.[1] A remote attacker could exploit CVE-2021-22156 to Read More …

The Next Disruptive ICS Attacker: A Disgruntled Insider?

Often, the most critical threats come from within an organization itself. This is true for all sectors, but it is especially true for industrial control systems (ICS). Technicians in these environments already have access to plant controls and may have Read More …

NSA, CISA release Kubernetes Hardening Guidance

FORT MEADE, Md. – The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, “Kubernetes Hardening Guidance,” today. This report details threats to Kubernetes environments and provides configuration guidance to minimize risk. Read More …

Phishing Attacks Often Target Small Businesses – Here’s What to Watch for

Scammers target businesses with phishing emails all the time, pretending to be legitimate customers or vendors asking for payment. While any company can be vulnerable to this type of attack, small- to medium-size companies are particularly vulnerable because it is Read More …

NSA Issues Guidance on Securing Wireless Devices in Public Settings

FORT MEADE, Md. – NSA released the Cybersecurity Information Sheet, “Securing Wireless Devices in Public Settings” today to help National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) teleworkers identify potential threats and minimize risks to Read More …