Preparedness and Prevention - Cyber Security Review

CISA Issues Emergency Directive Requiring Federal Agencies To Mitigate Apache Log4j Vulnerabilities

Posted onDecember 17, 2021December 22, 2021

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-02 today requiring federal civilian departments and agencies to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. This Directive will be updated to further drive additional mitigation actions. The Read More …

CISA Issues Apache Log4j Vulnerability Guidance

Posted onDecember 14, 2021December 15, 2021

CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” Log4j Read More …

German logistics giant Hellmann reports cyberattack

Posted onDecember 10, 2021December 13, 2021

Billion-dollar logistics firm Hellmann Worldwide Logistics reported a cyberattack this week that forced them to temporarily remove all connections to their central data center. The company said the shut down was having a “material impact” on their business operations. The Read More …

Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

Posted onDecember 10, 2021December 13, 2021

Ireland’s Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy’s damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said Read More …

Israel leads 10-country simulation of major cyberattack on world markets

Posted onDecember 9, 2021December 10, 2021

Israel led a 10-country, 10-day-long simulation of a major cyberattack on the world’s financial system by “sophisticated” players, with the goal of minimizing the damage to banks and financial markets, the Finance Ministry said on Thursday. The Finance Ministry led Read More …

DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators

Posted onDecember 2, 2021December 3, 2021

WASHINGTON – DHS’s Transportation Security Administration (TSA) today announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. Read More …

Play Your Cards Right: Detecting Wildcard DNS Abuse

Posted onDecember 1, 2021December 2, 2021

The domain name system (DNS) maps names to addresses so that computers can communicate. The directions within the DNS exist largely in records where a specific name (such as paloaltonetworks.com) is mapped to pieces of data, such as IP addresses Read More …

Railway Cybersecurity – Good Practices in Cyber Risk Management

Posted onNovember 27, 2021November 28, 2021

This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust cyber Read More …

IT threat evolution Q3 2021

Posted onNovember 26, 2021November 26, 2021

Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a Read More …

UK government transport website caught showing porn

Posted onNovember 25, 2021November 26, 2021

A UK Department for Transport (DfT) website was caught serving porn earlier today. The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan. Racy traffic ahead The UK Read More …