What to do about inherent security flaws in critical infrastructure?

The latest threat security research into operational technology (OT) and industrial systems identified a bunch of issues — 56 to be exact — that criminals could use to launch cyberattacks against critical infrastructure. But many of them are unfixable, due Read More …

Cyberattack shuts down unemployment, labor websites across the US

A cyberattack on a software company almost a week ago continues to ripple through labor and workforce agencies in a number of US states, cutting off people from such services as unemployment benefits and job-seeking programs. Labor departments and related Read More …

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does Read More …

Cyberattack forces Iran steel company to halt production

One of Iran’s major steel companies said Monday it was forced to halt production after being hit by a cyberattack, apparently marking one of the biggest such assaults on the country’s strategic industrial sector in recent memory. The Iranian government Read More …

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication Read More …

Keeping PowerShell: Security Measures to Use and Embrace

Cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely. This will provide benefits from the security capabilities PowerShell can enable while reducing Read More …

Yodel blames cyber incident for disruption and parcel-tracking problems

Delivery company Yodel is experiencing service delays because of what it describes as a “cyber incident” affecting customer services and parcel tracking. “Yodel has experienced a cyber incident that has caused some disruption. We are servicing customers but tracking is Read More …

FDNY seeks firewall to stop doxxing, hacking of rescue workers’ personal data

The FDNY is seeking to build a digital firewall to protect the Big Apple’s thousands of rescue workers from cyberattacks, including “doxxing,” The Post has learned. The department recently put out a call in the City Record for consultant services Read More …