OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks

Cyber Insights 2022: Improving Criminal Sophistication | More Russian Attacks Against Ukraine Come to Light:

Visit SecurityWeek.Com | Advertise | Contact   Webcasts RSS Feed 01.31.22 Monday, January 31, 2022 Report: Architecting the Next Generation for OT Security Gain research-backed insights into current conditions and emerging trends in the OT Security realm Get Report The Third Building Block for the SOC of the Future: Balanced Automation When automation is consciously balanced between humans and machines, we can ensure security teams always have the best tool for the job. Read the Full Column by Marc Solomon In the Hacker's Crosshairs: K-12 Schools Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working. Read the Full Column by Torsten George Combating the Surge in Retail Theft and E-Commerce Fraud With Open Source Intelligence Similar to investigations that disrupt cyberattacks on retailers, the same tactics, techniques, and procedures (TTPs) can be leveraged against those that sell counterfeit or stolen goods. Read the Full Column by Landon Winkelvoss Seven Ways to Ensure Successful Cross-Team Security Initiatives While there are many approaches to successfully accomplishing cross-team security initiatives, these seven points are helpful when working to push these efforts across the finish line. Read the Full Column by Joshua Goldfarb Living Off the "Edge" of the Land Living-off-the-land attacks are effective because they allow attackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Read the Full Column by Derek Manky How to Attract Hard-to-Find Cybersecurity Talent When organizations adopt a broader yet more focused framework for cybersecurity staffing, they're suddenly positioned to gain a clear competitive advantage in the labor market. Read the Full Column by Jeff Orloff Meshed Cybersecurity Platforms Enable Complex Business Environments Cybersecurity deployments have become as complex as the networks they are trying to protect. And that's not a good thing. Read the Full Column by John Maddison CISA Steps up Public and Private Sector Collaboration in 2021 Under the leadership of Jen Easterly, CISA launch several key initiatives to significantly increase government collaboration among federal agencies as well as with the private sector. Read the Full Column by Galina Antova The Second Building Block for the SOC of the Future: An Open Integration Framework An open integration architecture provides the greatest access to data from technologies, threat feeds and other third-party sources, and the ability to drive action back to those technologies once a decision is made. Read the Full Column by Marc Solomon Defense Contractors Must do More to Conceal Their Attack Surface The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult. Read the Full Column by Gordon Lawson IoT's Importance is Growing Rapidly, But Its Security Is Still Weak" There is a pressing need tighten IoT security, especially in an insecure world where these unmanaged devices are playing a rapidly-growing and increasingly important role. Read the Full Column by Marie Hattar A New Year Will Bring New Targets: What to Look for in 2022 While the sky just may be the limit (or actually, it may not be), when it comes to cybercriminals, three key areas where we expect to see more activity in the coming year are space, digital wallets and esports. Read the Full Column by Derek Manky Report: Architecting the Next Generation for OT Security Gain research-backed insights into current conditions and emerging trends in the OT Security realm Get Report See All Recent Articles at SecurityWeek.Com Cyber Insights 2022: Improving Criminal Sophistication: When defenses get stronger, attackers get more sophisticated; and when attackers get more sophisticated, defenses get stronger. Read More OT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks: Many ransomware attacks on industrial and critical infrastructure organizations result in OT data leaks that can be useful to threat actors for cyber-physical attacks. Read More Cyberattacks Increasingly Hobble Pandemic-Weary US Schools: Public school systems – which often have limited budgets and cybersecurity expertise -- have become an inviting target for ransomware gangs. Read More North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry: In a January 2022 attack, Lazarus abused the Microsoft Windows Update client for code execution. Read More More Russian Attacks Against Ukraine Come to Light: Security researchers say Russian threat actors are behind two recent cyber-operations against Ukrainian targets. Read More SureMDM Vulnerabilities Exposed Companies to Supply Chain Attacks: A series of vulnerabilities in 42Gears' SureMDM device management products could have resulted in a supply chain compromise against any organization using the platform. Read More CISA's 'Must Patch' List Puts Spotlight on Vulnerability Management Processes: CISA's Known Exploited Vulnerabilities Catalog puts the spotlight on ​​vulnerability management processes. Read More Israeli Lawyer, Hungarian Rights Group Target Pegasus Spyware: An Israeli lawyer said he was working with a rights group in Hungary to pursue authorities and Israeli firm NSO Group on behalf of Hungarian journalists allegedly targeted with Pegasus spyware. Read More Finnish Diplomats Targeted by Pegasus Spyware: Ministry: Mobile phones belonging to Finnish diplomats were spied on using the cyber espionage software Pegasus, the country's foreign ministry said on Friday. Read More Network Security Firm Portnox Raises $22 Million in Series A Funding: Network and endpoint security firm Portnox has raised $22 million in a Series A funding round. Read More Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties: Researchers have already earned tens of thousands of euros for vulnerabilities found in Switzerland's new e-voting system. Read More Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits: The exploit acquisition firm also says it is willing to pay up to $200,000 for zero-days in Mozilla Thunderbird. Read More HackerOne Bags $49 Million in Series E Funding: The hacker-powered security platform will invest in research and development and in expanding its go-to-market activities. Read More FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm: The FBI has warned organizations about the hacker attacks conducted by an Iran-based cyber company named Emennet Pasargad. Read More Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers: A specially crafted TIFF payload can be sent to a vulnerable printer to cause a denial of service condition that persists after reboots. Read More Web-Tracking 'Cookies' Meant to Protect Privacy: Inventor: The data-tracking "cookies" at the heart of concerns over online privacy were meant to shield people, rather than serve as cyber snoops, their inventor says. Read More Identity Verification Firm Veriff Raises $100 Million: Veriff, a provider of automated identity verification technology, has raised $100 million in a Series C funding round, bringing the total amount raised by the company to $200 million. Read More Over 100 Million Android Users Installed 'Dark Herring' Scamware: Zimperium zLabs has identified 470 malicious Android applications distributed through Google Play and third-party app stores. Read More Outlook Security Feature Bypass Allowed Sending Malicious Links: Specially crafted malicious links can be included in emails to bypass the security system's URL scanning feature. Read More Attack Surface Management Play Censys Scores $35M Investment: The jostling for space in the attack surface management space intensified this week with Michigan startup Censys banking a new $35 million funding round to fuel growth and expansion. Read More French Ministry of Justice Targeted in Ransomware Attack: LockBit 2.0 ransomware operators claim to have hit France's Ministry of Justice and they are threatening to leak stolen information. Read More Microsoft Saw Record-Breaking DDoS Attacks Exceeding 3 Tbps: In November and December 2021, Microsoft mitigated record-breaking DDoS attacks that exceeded 3 Tbps, the largest at 3.47 Tbps and 340 Mpps. Read More US Says National Water Supply 'Absolutely' Vulnerable to Hackers: Cyber defenses for US drinking water supplies are "absolutely inadequate" and vulnerable to large-scale disruption by hackers, a senior official said. Read More REvil Ransomware Operations Apparently Unaffected by Recent Arrests: The activity of the ransomware cooperative did not decrease following Russia's smackdown. Read More To help make sure the SecurityWeek Briefing reaches you, please add news@securityweek.com to your address book. © 2021 Wired Business Media Visit SecurityWeek.Com | Twitter | Advertise | Contact

SecurityWeek | 40 Warren Street, Charlestown, MA 02129 Unsubscribe cyberdefense974.77330@blogger.com Update Profile | Constant Contact Data Notice Sent by news@securityweek.com