Major energy contractor reports ‘limited’ access to IT after ransomware locks files

December 3, 2024 at 03:07PM ENGlobal, an American energy contractor, is facing limited IT system access following a ransomware incident detected on November 25. The company is investigating and mitigating the breach, which involved unauthorized access and encryption of data. ENGlobal serves high-profile clients, including government departments, making it a prime target for cybercriminals. **Meeting … Read more

Volunteer DEF CON hackers dive into America’s leaky water infrastructure

November 24, 2024 at 10:33AM The Franklin project, launched at DEF CON, enlists hackers to enhance cybersecurity for six US water companies, addressing critical vulnerabilities. In partnership with the University of Chicago and the NRWA, volunteers will assess and improve security systems, aiming to bolster resilience against cyber threats targeting America’s critical infrastructure. **Meeting Takeaways: … Read more

Leaky Cybersecurity Holes Put Water Systems at Risk

November 22, 2024 at 11:53AM Nearly 100 large community water systems in the U.S. possess serious cybersecurity vulnerabilities, risking water supply for 27 million Americans. Despite regulations, financial and resource constraints hinder proper security measures. Cyberattacks from various groups have targeted water systems, emphasizing a critical need for improved investment and security practices in this … Read more

China’s Cyber Offensives Built in Lockstep With Private Firms, Academia

November 22, 2024 at 09:51AM Research reveals that numerous private cybersecurity firms and universities are aiding China in developing offensive cyber capabilities to support military and economic ambitions. This collaboration enhances cyberattacks, particularly against U.S. infrastructure, raising concerns about China’s persistent cyber threats and the complex ecosystem involving state and non-state actors. ### Meeting Takeaways … Read more

Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online

November 21, 2024 at 06:11AM New research reveals over 145,000 internet-exposed Industrial Control Systems (ICS) in 175 countries, with the U.S. having the highest exposure. Key protocols used are outdated, increasing vulnerability. Cyber attacks targeting ICS are rare but rising, necessitating enhanced security measures. The analysis underscores the importance of monitoring and securing critical infrastructure. … Read more

Jen Easterly, CISA Director, to Step Down on Inauguration Day

November 18, 2024 at 03:56PM Jen Easterly, director of CISA, will resign on Inauguration Day as part of a transition to a Trump administration. During her tenure, she addressed significant cybersecurity incidents, including the Colonial Pipeline attack, and implemented new initiatives. Future plans for CISA remain uncertain amid calls from Republicans for mission restrictions. ### … Read more

Why Custom IOCs Are Necessary for Advanced Threat Hunting and Detection

November 18, 2024 at 10:33AM Cyber Threat Intelligence (CTI) is vital for cybersecurity, emphasizing the importance of actionable, reliable, and timely information. Indicators of Compromise (IOCs) are crucial but often generic and ineffective. Custom IOCs enhance threat detection, adapt to specific risks, improve supply chain security, and support compliance, making them essential for organizational defense. … Read more

Homeland Security Department Releases Framework for Using AI in Critical Infrastructure

November 15, 2024 at 03:26PM The Homeland Security Department’s framework advises AI developers to assess risky capabilities, align products with human-centric values, and safeguard user privacy in critical infrastructure applications. **Meeting Takeaways:** 1. **Evaluation of Capabilities**: AI developers are advised to assess and evaluate any potentially dangerous functionalities of their products. 2. **Alignment with Human-Centric … Read more

Trump 2.0 May Mean Fewer Cybersecurity Regs, Shift in Threats

November 15, 2024 at 08:05AM President-elect Donald Trump’s administration is expected to prioritize critical infrastructure security while reducing cybersecurity regulations. Experts predict a shift in cyber threats due to changing foreign policies, particularly concerning China, Iran, and Russia. Companies may see an uptick in state-level privacy regulations amid an easing of federal oversight. ### Meeting … Read more

OpenText Cybersecurity Unveils 2024’s Nastiest Malware

November 13, 2024 at 05:58PM OpenText has released its “Nastiest Malware of 2024” list, with ransomware LockBit topping the rankings for its persistent attacks on critical infrastructure. Cybersecurity investments are expected to rise by 14.3%, exceeding $215 billion. Other notable malware include Akira, RansomHub, Dark Angels, Redline, and Play Ransomware. ### Meeting Takeaways from OpenText … Read more