Usage subject to Terms and Conditions

Archives March 2022

Orca Security Unveils Attack Path Analysis Score for Cloud Apps

Read the original article at https://www.msspalert.com/cybersecurity-services-and-products/orca-security-unveils-attack-path-analysis-score-for-cloud-apps/

Orca Security attack path analysis capability allows security analysts to view information on each step within the attack chain, Orca asserts.

The post Orca Security Unveils Attack Path Analysis Score for Cloud Apps appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-services-and-products/orca-security-unveils-attack-path-analysis-score-for-cloud-apps/

Kroll Acquires Risk Intelligence Technology Provider Resolver

Read the original article at https://www.msspalert.com/investments/kroll-acquires-risk-intelligence-technology-provider-resolver/

Kroll, which has a Top 250 MSSP business practice, acquires risk intelligence technology provider Resolver. Cybersecurity M&A activity remains strong.

The post Kroll Acquires Risk Intelligence Technology Provider Resolver appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/investments/kroll-acquires-risk-intelligence-technology-provider-resolver/

How Frequently Do Hackers Exploit Zero-Day Vulnerabilities? Here’s the Math

Read the original article at https://www.msspalert.com/cybersecurity-research/how-frequently-do-hackers-exploit-zero-day-vulnerabilities-heres-the-math/

It takes hackers about 12 days to exploit a vulnerability — down from 42 days the prior year, Rapid7 research finds.

The post How Frequently Do Hackers Exploit Zero-Day Vulnerabilities? Here’s the Math appeared first on MSSP Alert.

Read the original article at https://www.msspalert.com/cybersecurity-research/how-frequently-do-hackers-exploit-zero-day-vulnerabilities-heres-the-math/

CISA Releases Security Advisories for Rockwell Automation Products

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-releases-security-advisories-rockwell-automation-products

Original release date: March 31, 2022

CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. 
 
CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to apply the necessary mitigations and detection method.  

This product is provided subject to this Notification and this Privacy & Use policy.

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-releases-security-advisories-rockwell-automation-products

Simple Facebook Phishing Scam Takes an Unexpected Turn to Throw Potential Victims Off the Scent

Read the original article at https://blog.knowbe4.com/facebook-phishing-scam-takes-unexpected-turn

Rather than take the usual path of sending an email and linking to a spoofed logon page, this attack takes a different set of actions that at first make no sense but may actually be brilliant.

Read the original article at https://blog.knowbe4.com/facebook-phishing-scam-takes-unexpected-turn

Cisco: Web 3.0 Will be the Next Frontier for Social Engineering and Phishing Attacks

Read the original article at https://blog.knowbe4.com/cisco-web-3.0-will-be-the-next-frontier-for-social-engineering-and-phishing-attacks

A look at what makes up Web 3.0 and how it may be used includes insight into what kinds of cyberattacks may plague it, as cybercriminals look for new profitable opportunities.

Read the original article at https://blog.knowbe4.com/cisco-web-3.0-will-be-the-next-frontier-for-social-engineering-and-phishing-attacks

FBI Releases PIN on Ransomware Straining Local Governments and Public Services

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/fbi-releases-pin-ransomware-straining-local-governments-and-public

Original release date: March 31, 2022

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.

CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations.
 

This product is provided subject to this Notification and this Privacy & Use policy.

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/fbi-releases-pin-ransomware-straining-local-governments-and-public

Obvious Phishbait, But Someone Will Bite

Read the original article at https://blog.knowbe4.com/facebook-messenger-phishing-scam

A widespread phishing scam is circulating in Facebook Messenger, according to Jeff Parsons at Metro. The phishing messages simply contain the words, “Look what I found,” along with a link. If the user clicks the link, they’ll be taken to a spoofed Facebook login page that will steal their credentials. Notably, the attackers send the messages from compromised accounts of the target’s Facebook friends, which increases the appearance of legitimacy.

Read the original article at https://blog.knowbe4.com/facebook-messenger-phishing-scam

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-adds-seven-known-exploited-vulnerabilities-catalog

Original release date: March 31, 2022

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Read the original article at https://us-cert.cisa.gov/ncas/current-activity/2022/03/31/cisa-adds-seven-known-exploited-vulnerabilities-catalog