NSA Releases Network Infrastructure Security Guidance https://ift.tt/oiOPEwN Original release date: March 3, 2022 The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal […]
Why Upgraded Infrastructure Needs Interoperability and Security https://ift.tt/T3ALSHG In the United States, the $1.2 Trillion Infrastructure Investment and Jobs Act is being called a “once-in-a-generation investment” in infrastructure. A lot of that money will flow to state and local governments throughout the nation. Virtually all of the infrastructure that is being repaired, replaced, or initiated […]
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform https://ift.tt/Bhet5cR The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive […]
Ukrainian gov’t sites disrupted by DDoS, wiper malware discovered https://ift.tt/TEv3OVW Ukraine’s State Service of Special Communications and Information Protection said a number of government websites and banks are dealing with a “massive DDoS attack” as the country prepares for a potential invasion by Russian-backed forces. The websites for the Ministry of Foreign Affairs, Ministry […]
CISA publishes guide with free cybersecurity tools, resources for incident response https://ift.tt/OHRhjqB CISA has published a guide containing free cybersecurity resources and services that may be valuable in incident response. The US Cybersecurity and Infrastructure Security Agency (CISA) is responsible for monitoring, managing, and reducing risk to the country’s critical infrastructure. The federal agency is […]
GitHub calls for contributions to new cybersecurity Advisory Database https://ift.tt/fe7190t GitHub announced on Tuesday that their Advisory Database for security data is now open to contributions from experts. GitHub senior product manager Kate Catlin explained that the company has teams of security researchers that review all changes and help keep security advisories up to date. […]
Top 6 critical infrastructure cyber-risks https://ift.tt/kVHNEUK Critical infrastructure sectors — from communications and energy to transportation and water — are subject to risk, just like any other organization. Understanding the top risks and how to manage them is key. Before delving into the top risks, let’s clarify what cyber-risk is and how it’s properly understood […]
Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud https://ift.tt/PB3DnEA The combination of Squirrelwaffle, ProxyLogon, and ProxyShell against Microsoft Exchange Servers is being used to conduct financial fraud through email hijacking. On Tuesday, researchers from Sophos revealed a recent incident in which a Microsoft Exchange Server, which had not been patched to protect it against […]
Traditional MFA is creating a false sense of security https://ift.tt/2vHAsza A report from HYPR and Cybersecurity Insiders, reveals that despite the zero trust initiative, many organizations are still highly exposed to credential attacks due to insufficient multi-factor authentication (MFA) methods and overall lack of urgency after potential exposure. In fact, 64% of those hacked did […]
Vulnerability found in WordPress plugin with over 3 million installations https://ift.tt/Nfl5Fpg Updates have been released for UpdraftPlus, a WordPress plugin with over 3 million installations, after a vulnerability was discovered by security researcher Marc Montpas. In a blog post, the Wordfence Threat Intelligence team explained that the vulnerability allows any logged-in user, including subscriber-level users, […]
Stack IT News 