natacs-logo-192x85

Cybersecurity

Top News in Cybersecurity

Defending yourself against cyberattacks starts with understanding the risks associated with cyber activity, what some of the basic cybersecurity terms mean, and what you can do to protect yourself.

 

Joint Cybersecurity Advisory: APT Actors Exploit Vulnerabilities to Gain Initial Accessfor Future Attacks

Published by Cybersecurity & Infrastructure Security Agency 2 April 2021
 

SUMMARY

In March 2021 the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591. It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks. APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns.

 
To download this advisory, click here
 
 
 
 

This company was hit by ransomware. Here's what they did next, and why they didn't pay up

Published by ZDNet 25 March 2021
 

Ransomware has become a profitable business for cyber criminals; hacking a large company’s network can result in millions of dollars. One company decided it wouldn’t give in to the hackers' demands. 

 
To read this article, click here
 
 
 
 

Foreign Nationals Sentenced for Roles in Transnational Cybercrime Enterprise

Published by United States Department of Justice 19 March 2021
 

The internet is a global tool we have come to rely heavily on, especially for storing personal and sensitive information. It is also a way for criminal organizations to make money. One organization, run for over seven years, was called Infraud. Now two of its members are serving time in prison after pleading guilty. 

 
To read this press release, click here
 
 
 
 

What is cyber insurance? Everything you need to know about what it covers and how it works

Published by ZDNet 25 March 2021
 
Did you know the concept of insuring against risks to property or persons dates back to 1347? Insurance has come a long way since then. Now, companies can purchase some form of protection in the event of a hacking or cyberattack.
 
To learn more about cyber insurance, click here
 
 
 
 

FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report, Including COVID-19 Scam Statistics

Published by FBI 17 March 2021
 

Have you been the victim of an internet crime? Online extortion, non-payment/non-delivery scams and phishing scams were the top three categories of internet crime reported to the FBI in 2020. More than ever, it’s important to educate yourself and take steps to mitigate your risk.

 
To read this report, click here
 
 
 
 

FBI-CISA Joint Advisory Plus Two Additional Important Cyber Notices

Published by Cybersecurity & Infrastructure Security Agency 10 March 2021
 
Three new notices have been released by the Cybersecurity & Infrastructure Security Agency (CISA):
  1. FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server

Today (3/10), CISA and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. The Joint Cybersecurity Alert places the malicious cyber actor activity observed in the current Microsoft Exchange Server product compromise into the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework.

CISA recommends organizations to review Joint CSA: AA-21-069 Compromise of Microsoft Exchange Server as well as the CISA Remediating Microsoft Exchange Vulnerabilities web page for guidance on detecting, protecting against, and remediating this malicious activity.

  1. F5 Releases Security Advisory for Multiple Vulnerabilities in BIG-IP, BIG-IQ

Earlier today (3/10), F5 announced multiple CVEs impacting BIG-IP and BIG-IQ devices. Of these, four are criticalremote code execution vulnerabilities, whereby an attacker could exploit these to take control of an affected system. Two related CVEs are buffer-overflow vulnerabilities. If triggered, a buffer overflow would result in a DoS attack, and—in certain situations — may allow remote code execution.  To fully remediate the critical vulnerabilities, BIG-IP customers must update to a patched version as soon as possible.

CISA has published a current activity alert on the specific vulnerabilities affecting BIG-IP and BIG-IQ. For additional detail, organizations are encouraged to review the information provided by F5 — including related security advisories and supplemental information—to help determine the impact on their devices.

  1. Supply Chain Compromise Short Term Remediation

Last evening (3/9), CISA began releasing new resources to support federal departments and agencies affected by related threat activity associated with the compromise of certain versions of the SolarWinds Orion platform.

These resources provide technical remediation guidance based on the three categories previously outlined in Activity Alert AA20-352A, to include related public and private sector resources recommended by CISA. The guidance will assist organizations with understanding the steps for detecting, mitigating, and evicting this threat actor from their networks, and prevent the actor’s re-use of similar tactics, techniques, and procedures. These steps will prepare federal departments and agencies for long-term actions to build more secure, resilient networks.

Although the information released will be tailored to federal departments and agencies, CISA encourages critical infrastructure, private sector organizations, and other affected entities to refer to Mitigating and Remediating APT-Compromised Networks for eviction guidance and technical resources and cisa.gov/supply-chain-compromise for general information on this compromise and related activity.

 
 
 

Microsoft Warns of Windows Win32k Privilege Escalation

Published by Cybersecurity & Infrastructure Security Agency 9 February 2021
 
The Cybersecurity & Infrastructure Security Agency (CISA) is sharing a new Microsoft Security Advisory. Microsoft announced there is, “...an escalation of privileges vulnerability (CVE-2021-1732) in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. Microsoft has stated that Windows 10 and Windows Server 2019 are affected by this vulnerability.”
 
To read this article, click here
 
 
 
 

FTC Reports Scammers Impersonating FTC

Published by Cybersecurity & Infrastructure Security Agency 26 January 2021
 
The Cybersecurity & Infrastructure Security Agency (CISA) newest alert comes from the Federal Trade Commission (FTC). The FTC, “...has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information.”
 
To read this alert, click here
 
 
 
 

Personal Security Considerations

Published by Cybersecurity & Infrastructure Security Agency 14 January 2021
 
The Cybersecurity & Infrastructure Security Agency (CISA) has released a new fact sheet titled, “Personal Security Considerations.” CISA states that the new information, “encourages critical infrastructure owners and their personnel to remain vigilant and report suspicious behavior that individuals may exhibit in order to thwart an attack. It also contains several easily implementable security measures that can mitigate threats to personal safety.”
 
To learn how to protect yourself, click here.
 
 
 
 

Cybersecurity and Physical Security Convergence

Published by Cybersecurity & Infrastructure Security Agency 5 January 2021
 
The Cybersecurity & Infrastructure Security Agency (CISA) has released a new guide titled, “The Cybersecurity and Infrastructure Security Convergence Action Guide.” CISA states that the new guidance “describes the complex threat environment created by increasingly interconnected cyber-physical systems, and the impacts that this interconnectivity has on an organization’s cybersecurity and physical security functions.”
 
To read this guide, click here
 

 

 

CBP and Simplified Arrival Stop Imposter at Washington Dulles

Published by Homeland Security Today 4 January 2021
 
A man who had multiple warrants for his arrest attempted to use a family member’s identification when he was flagged by CBP’s Simplified Arrival facial comparison technology. Keith Fleming, Acting Director of Field Operations for CBP’s Baltimore Field Office states, “Posing as someone else when attempting to enter the United States is a serious violation of U.S. immigration law and has very serious consequences...”
 
To read this article, click here.
 
 
 
 

Mitigate SolarWinds Orion Code Compromise

Published by Cybersecurity & Infrastructure Security Agency 13 December 2020
 
The Cybersecurity & Infrastructure Security Agency (CISA) has issued an Emergency Directive 21-01; this directive states, “SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems.”
 
To read this emergency directive, click here
 
To download the most recent update as of 18 December 2020, click here.
 
To read additional information and resources, click here.
 
To read continued updates, click here.
 
To read the most recent update as of 30 December 2020, click here.
 
To read the most recent update as of 6 January 2021, click here.
 
 
 
 

That Email About Your Delivery Could Be Fake: Phishing Scammers Increase Their Attack on Online Shoppers

Published by ZDNET 1 December 2020
 
Before you click on any links, it’s always a good idea to think twice – especially with those emails you’re receiving regarding tracking and delivery of purchased online orders. There is a good possibility that the email in your inbox could be a phishing attempt from an online scammer.
 
To read this article, click here
 
 
 
 

CISA Urges All Americans to be on Alert for Holiday Scams and Cyber Threats

Published by Cybersecurity & Infrastructure Security Agency 24 November 2020
 
There are several great advantages in doing your holiday shopping online, but if you aren't careful, you could find yourself the victim of a cyber crime. The Cybersecurity & Infrastructure Security Agency (CISA) provides great information on how to stay cyber-safe this holiday season.
 
To learn how to mitigate your risk of becoming a victim, click here.
 
 
 
 

Embry-Riddle Research Aims to Blunt Aviation Cyber Attacks

Published by Embry-Riddle Aeronautical University 13 November 2020
 
The Cyber Scholarship Program Award was given to Embry-Riddle Aeronautical University to help mitigate cyber threats within the aviation industry. This award will provide the funds needed for research and equipment to help combat attacks and threats, such as drone hacking.
 
To read this article, click here
 
 
 
 

Enhancing Cybersecurity For Aircraft Systems

Published by Aero-mag.com 4 November 2020
 
Aircraft systems are relying more on the internet and this is raising the potential for cyber attacks on aircraft. New amendments concerning cybersecurity are being introduced by the European Aviation Safety Agency (EASA).
 
To read this article, click here
 
 
 
 

IoT Security for Smart Airports and Aviation Systems

Published by IoT For All 22 October 2020
 
We’ve all heard of smart phones, but have you heard of smart airports? Take a look at the security challenges airports face when they implement internet-based systems in their ongoing efforts to improve passenger experience.
 
To read this article, click here
 
 
 
 

Cyber Essentials Toolkits

Published by Cybersecurity & Infrastructure Security Agency 15 October 2020
 
It’s National Cyber Security Awareness Month (NCSAM)! Are you ready for the next chapter in CISA’s Cyber Essentials Toolkit? Chapter 5 has been released and CISA states, “This chapter focuses on strategies for cultivating a proactive data protection culture aimed at making organizations more resilient against attacks that may harm data integrity or render data inaccessible. It includes links to resources for leaders to understand how to properly manage backups, and safeguard against ransomware, malware, and other attacks.”
 
To learn more, click here
 
 
 
 

Alert (AA20-283A): APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Published by Cybersecurity & Infrastructure Security Agency 9 October 2020
 
The Cybersecurity & Infrastructure Security Agency (CISA)  and the Federal Bureau of Investigation (FBI) has issued a new alert; this alert (AA20-283A) states, “CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application."
 
To read this alert, click here
 
 
 
 

Do Your Part. #BeCyberSmart

Published by Cybersecurity & Infrastructure Security Agency 1 October 2020
 
Did you know that October is National Cybersecurity Awareness Month (NCSAM)? Outreach and promotions regarding cybersecurity will be provided each week by the Cybersecurity & Infrastructure Security Agency (CISA), and the National Cyber Security Alliance (NCSA). You won’t want to miss out!
 
To learn more, click here.

 

 

CISA and MC-ISAC Release Ransomware Guide

Published by Cybersecurity & Infrastructure Security Agency 30 September 2020
 
The Cybersecurity & Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a new guide regarding ransomware: “...that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats.”
 
For more information about ransomware, click here
 
 
 
 

Telework Essentials Toolkit

Published by Cybersecurity & Infrastructure Security Agency 30 September 2020
 
A Telework Essentials Toolkit has recently been published by the Cybersecurity & Infrastructure Security Agency (CISA). According to CISA, this document is “...a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers.”
 
To view this toolkit, click here.
 
 
 
 

Emergency Directive 20-04

Published by Cybersecurity & Infrastructure Security Agency 18 September 2020
 
An Emergency Directive has been released by the Cybersecurity & Infrastructure Security Agency (CISA). This Emergency Directive (20-04) from CISA concerns "a critical vulnerability affecting Microsoft Windows servers with the domain controller role. An unauthenticated attacker with only network access to the domain controller could exploit the vulnerability to completely compromise all Active Directory identity services.”
 
To read this Emergency Directive, click here
 
 
 
 

Understanding the Tactics of Ransomware Attacks

Published by Security Boulevard 10 September 2020
 
When surfing the internet, or checking your emails, are you aware of the dangers lurking online? Don’t become a victim of a ransomware attack, instead, be prepared to fight by understanding the strategy of your enemy.
 
To read this article, click here.

Iran-Based Threat Actor Exploits VPN Vulnerabilities

Published by Cybersecurity & Infrastructure Security Agency 15 September 2020
 
The Cybersecurity & Infrastructure Security Agency (CISA) has issued a new alert; this alert (AA20-259A) states, “CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks.”
 
To read this alert, click here
 
 
 
 

Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Published by Cybersecurity & Infrastructure Security Agency 14 September 2020
 
The Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert; this alert (AA20-258A) states, “The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies.”
 
To read this alert, click here.
 
 
 
 

Technical Approaches to Uncovering and Remediating Malicious Activity

Published by Cybersecurity & Infrastructure Security Agency 1 September 2020
 
Are you interested in learning how to mitigate malicious activity online? Well, you are in luck! An advisory, “Technical Approaches to Uncovering and Remediating Malicious Activity” has been released by the Cybersecurity & Infrastructure Security Agency (CISA), along with several international partners, and states “This joint guidance provides best practices to mitigate and detect common attack vectors; however, organizations are reminded to tailor mitigations specific to their own unique network environment.”
 
To learn more, click here
 
 
 
 

Operational Best Practices for Encryption Key Management

Published by Cybersecurity & Infrastructure Security Agency 25 August 2020
 
Encryption is an extremely important tool, as it provides an extra layer of cybersecurity. The Cybersecurity & Infrastructure Security Agency (CISA) has released on its website, the Operational Best Practices for Encryption Key Management along with the Encryption Key Management Fact Sheet. The email announcement from CISA states, “The Federal Partnership for Interoperable Communications (FPIC) in collaboration with SAFECOM and the National Council of Statewide Interoperability Coordinators developed this document as a way to further address critical encryption issues, including encryption key change periods and the continued use of the data encryption standard (DES).”
 
To view these documents, click here
 
 
 
 

Cyber Essentials Toolkits

Published by Cybersecurity & Infrastructure Security Agency 17 August 2020

 

Technology is an essential part of our everyday lives and it's important for operations to understand the fundamentals of cybersecurity to mitigate their risk of becoming a cyberattack victim. The Cybersecurity & Infrastructure Security Agency (CISA) has published a set of Cyber Essential Toolkits that focus on the individual, staff members and an operation's systems.

 

To view these toolkits, click here.

 

 

 

 

 

The State of Civil Aviation Cybersecurity

Published by Trip Wire 9 August 2020
 

Are you aware of the risks that the aviation industry faces due to cyberattacks? There are many different areas of aviation that could be affected: air traffic control (ATC) centers, airlines, supply vendors, airports and passengers. It’s important to remember that as more systems connect with each other and new technology is implemented, new cybersecurity risks emerge.

 

To read this article, click here

 

 

 

 

Garmin Ltd. (GRMN) Q2 2020 Earnings Call Transcript

Published by The Motley Fool 29 July 2020

 

In the world of aviation, many rely on apps and services provided by the company, Garmin. The company recently experienced a network outage, generated by a cyberattack. CEO Clifton Pemble stated, “We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost or stolen.”

 

To read this article, click here.
 
 
 
 

Trade Groups Warn of Online Charter Fraud

Published by AINonline 15 July 2020

 

If you were to conduct a Google search for private air charter, it is highly likely that you would come across an ad promoting a website that offers this service. However, chances are this website is fake, created by fraudsters looking to take advantage. Prior to booking any travel, it’s important to do your research.

 

To learn how to identify these fake websites, click here

 

 

 

 

Report COVID-19 Fraud

Published by United States Department of Justice
 
The United States Department of Justice is reminding people to be on the lookout for any COVID-19 fraud schemes involving the IRS, testing and treatment of the virus, and antibody testing; and to report any suspicious activity.
 
For read this notice, click here
 
 
 
 
 

Radio Frequency: An Airborne Threat to Corporate and Government Networks

Published by Security Magazine 6 July 2020

 

Radio frequency (RF) plays a huge part within the aviation industry and is required to use while operating an aircraft. Malicious users take advantage of the different devices and networks to intercept RF communications. “According to the annual Ericsson report, there are more than 22 billion connected devices – 15 billion of these devices contain radios – making them targets for an RF breach. Nations and enterprises are more at risk of a radio-based attack than ever before.”

 

To read this article, click here

 

 

 

 

Cyber Researchers Devise Method to Pinpoint Location of Drone Operators

Published by Homeland Security Today 6 July 2020

 

Drones can be extremely helpful and useful in some respects; but can also be a threat to protected airspace. HS Today states, “While some disruptive drone use is mere carelessness, the threats from malicious use include surveillance and active attacks.” Due to these threats, researchers at Ben-Gurion University of the Negev (BGU) have made it possible to: “...pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone.”

 

To read this article, click here

 

 

 

 

Ransomware Attacks Spike by 140%, 57% of Organizations Agree to Pay

Published by Atlas VPN 9 June 2020

Just because something hasn’t happened to you yet, doesn’t mean it can’t happen in the future. Murphy’s Law states, “Anything that can go wrong, will go wrong.” This is why it’s crucial to know how to protect your organization/business from ransomware. Atlas VPN states, “Data extracted and analyzed by Atlas VPN reveals, the amounts of demanded ransom payments increased by 140%, comparing the numbers of 2018 to 2019. More and more organizations succumb to blackmail: 57% of organizations settled and paid the ransom during the last 12 months.”

To read this article, click here.

 

 

PODCAST: Connected Aircraft Cybersecurity 101 With the Satcom Guru

Published by Aviation Today 16 March 2020

Cybersecurity is an extremely broad subject and is used across many industries, including aviation. Peter Lemme, a former Boeing engineer, speaks about cybersecurity and the potential security risks that operators see while in flight. 

To listen to this Global Connected Aircraft podcast, click here.

 

 

'Flight Risk' Employees Involved in 60% of Insider Cybersecurity Incidents

Published by ZDNet 20 May 2020

ZDNet states, “Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, new research suggests.” Many aspects of the aviation industry are sensitive and require protection. Take a moment and think... what if one of your employees resigned and took with them critical security information regarding your operation? Do you have a plan in place to mitigate insider threat? If you don’t, you may want to look into it.

To read this article, click here.

 

 

Cyber Security in Shipping During COVID-19 Pandemic

Published by Hellenic Shipping News 5 May 2020

The phrase ‘a new normal’ can be hard to digest, as change can be daunting. Despite this, we all need to adapt to this new way of living, especially companies and organizations. Orders concerning social distance have forced millions to start working remotely, and this includes employees of shipping companies. However, working from home raises concerns with regards to cybersecurity and puts operations at risk.

To read this article, click here. 

 

 

Aviation & Defense Cyber Security Market - Current Impact to Make Big Changes | Lockheed Martin, IBM, Rockwell Collins

Published by Open PR 30 April 2020

Cybersecurity is extremely important as it puts a plan in place to help protect and defend against possible cyber attacks/threats. It is especially crucial because of the simple fact - technologies are always advancing. Open PR states, “During these suspicious times, governments and organizations are investing more in the cybersecurity of defense and aviation products and services than they have ever before. The key factor of investment in the cybersecurity segment due to significant tension between the necessity for technology developments and simultaneously preventing these technologies from cyber-attacks.”

To read this article, click here.

SIM Swapping: A Route for Criminals to Target Those Preoccupied by COVID-19 Pandemic

Published by Homeland Security Today 22 April 2020
 
Technology continues to improve and our mobile devices keep us connected to many aspects of our lives. Homeland Security Today states, “SIM Swapping is a form of unauthorized access to your data through your cell phones". Using this technique criminals gain open access too many of the same accounts you can reach through your computer.
 
To read this article, click here.
 
 
 
 

Online Extortion Scams Increasing During the COVID-19 Crisis

Published by Homeland Security Today 22 April 2020
 
Stuck at home, millions of people are trying to find ways to combat their boredom. Many turn to their computers, cell phones, iPads and other devices. While keeping busy via the internet may be a way to pass time, users should still be careful. Cyber crime continues to be a growing concern with online extortion scams on the rise during the current “stay- at-home” orders.
 
To learn more, click here.
 
 
 
 

Defending Aviation From Cyber Attack

Published by Tech Radar 16 April 2020

Cybersecurity has become a popular topic over the years as these types of threats are becoming more and more apparent. The aviation industry faces potential cyber threats that could be damaging to your operation. These threats can effect numerous aspects of the aviation industry: passenger safety, crew safety, financial loss and more.


To read this article, click here.

 

 

Deal with Ransomware the Way Police Deal with Hostage Situations

Published by Homeland Security News Wire 27 March 2020
 
How much would you pay a perpetrator to retrieve back your sensitive files and data that had been stolen? Can't think of a price? Thinking this would never happen to you? Think again. Over 600 government agencies endured ransomware attacks within the first 9 months of 2019. The best course of action to prevent falling victim to this type of attack is preparation. Educate yourself on best cyber security practices to remain protected. 
 
To read this article, click here
 
 
 
 

How to Avoid Falling Victim to a COVID-19 Phishing Attack

Published by 101 Domain 23 March 2020
 
Since the coronavirus has made its way across the globe, hackers have 'gone phishing' trying to hook their victims. Knowing most people are on high alert due to recent health issues arising, hackers are taking advantage of our fears. Be aware of the new scams that have appeared and know what to look for. 
 
To read this article, click here

 

 

Hackers Are Using These Fake Coronavirus Maps to Give People Malware

Published by Business Insider 12 March 2020

Coronavirus is a global pandemic affecting numerous aspects of our daily lives. During this pandemic, hackers are taking advantage of opportunities to gain access to your systems, sensitive security information (SSI) and personal identifiable information (PII). Educate yourself on safe practices and know what to look for; double check to see if you are on a secured website and ensure what you are downloading doesn’t result in malware. Stay vigilant.

To read this article, click here.

 

 

Protecting Against Cybersecurity Threats When Working From Home

Published by The National Law Review 11 March 2020

How can we stop the spread of coronavirus? The answer - isolation. While the answer seems simple, it's not that easy to isolate yourself when you have to get up every morning and go to work. 

Organizations are taking extreme efforts to help stop the spread of COVID-19; some entities are advising staff to start working from home. Even though that helps mitigate exposure, there are concerns about how to keep sensitive information and data secured. The National Law Review provides some great tips on how to remain secure with remote employees.

To read this article, click here.

 

 

Exclusive: Details of 10.6 Million MGM Hotel Guests Posted on a Hacking Forum

Published by ZDNet 19 February 2020

Personal information including dates of birth, home addresses, full names, emails and phone numbers were released in a large data dump on a hacking forum. The data was obtained through a hacking breach against MGM Resorts and affected more than 10 million guests, including government officials, celebrities, reporters and tech CEOs.

To read this article, click here.

 

 

Cyber-security Threat Guidance Published by ACI World

Published by International Airport Review 11 February 2020

A new handbook has been published by the Airports Council International (ACI) World, providing information on cybersecurity to airports. The handbook is intended to help airports examine their current cyber defenses as well as educate them on how to maintain and strengthen their security systems.

To read this article, click here.

 

 

Medical Devices' Vulnerability to Cyber Attacks

6 February 2020

The healthcare industry is a regular target for cyber attacks and medical devices are especially vulnerable, according to recent articles in Homeland Security Today and HeathcareITNews. The devices, which monitor everything from a patient’s insulin level to their heartbeat, are connected to healthcare IT systems and contain sensitive data. Despite this, they hold few, if any, cybersecurity technology and are extremely easy to hack into, experts say.

To read the article in Homeland Security Today, click here.

To read the article in HealthcareITNews, click here.

 

 

Cybersecurity Expert Explains How Scammers are Taking The Coronavirus Online

Published by WECT 6 News 31 January 2020

Online searches for the coronavirus have become opportunities for cyber criminals and experts are warning users to avoid anything that doesn’t look quite right. One cybersecurity firm says it has discovered docx, mp4s and pdfs that contain malicious files, which can quickly advance through networks, taking over multiple computers. The files, which claim to have links to videos on protection from the coronavirus, can target personal information, a company’s sensitive data or just corrupt a computer system.

To read this article, click here.

 

 

Nintendo Hacker Pleads Guilty

Published by ZDNet 4 February 2020

A 21-year-old man faces up to five years in prison after pleading guilty to hacking a second time into Nintendo’s system, downloading proprietary and confidential data, and then releasing that information online. The man used a vulnerability in Nintendo’s servers and a phishing email to gain access in the two hacking events.

To read this article, click here.

 

 

Preparing for Increased Geopolitical Tensions and Threats

Published by Cybersecurity & Infrastructure Security Agency 6 January 2020

CISA has released a preparation guide for navigating the increase in threats, both cyber and physical, against the United States. Reviewing and implementing the CISA Cyber Essentials can increase your defenses against a cyberattack immediately. An actionable checklist has also been provided to assist in protecting against Cyber and Physical attacks.

To download the full CISA Insight Guide, click here.

 

 

What is Cybersecurity?

Published by Cybersecurity & Infrastructure Security Agency

Educate yourself on cybersecurity with this informative article from the Cybersecurity & Infrastructure Security Agency (CISA). Learn how to improve your cybersecurity, what falls under cybersecurity and what the risks associated with poor cybersecurity are.

To read this article, click here.

 

 

CISA Releases Cyber Essentials for Small Businesses and Governments

Distributed by U.S. Department of Homeland Security Private Sector Office 6 November 2019

 

Cybersecurity is often discussed from a national perspective, but even smaller government and business organizations are vulnerable. This is why the Cybersecurity & Infrastructure Security Agency (CISA) has released a new guide specifically created for these entities.

 

To read this notice, click here.

 

 

 

 

U.S. Official Visits Minneapolis to Cite Cyber Threats

Posted by Neal St. Anthony with the StarTribune 4 November 2019

The director of the National Counterintelligence and Security Center (NCSC) voices concern over the ability of the U.S. to protect its critical infrastructure from cybersecurity threats.

To read this article, click here.

 

 

National Cybersecurity Protection System (NCPS)-Intrusion Detection

Released by DHS/CUSA/PIA-033 25 September 2019

How are federal network systems protected and defended against cyber threats? This report explains how information related to known or suspected cyber threats is collected by the National Cybersecurity Protection System (NCPS).

To download this report, click here.

 

 

DHS Gives Cybersecurity Warning to Small Aircraft Owners Podcast

Published by National Business Aviation Association 12 August 2019

Several steps have been voluntarily taken in the aviation industry to address the risk of unauthorized aircraft access. This podcast, hosted by NBAA, discusses these measures in response to a warning issued by the Department of Homeland Security (DHS) concerning small aircraft and restricted access.

To listen to this podcast, click here.

 

 

Civil Aviation Cybersecurity Information Repository

Published by International Civil Aviation Organization

Building a solid cybersecurity structure to keep air transportation safe is of great importance to the ICAO. This link discusses Civil Aviation and Cybersecurity.

For details, click here.