Filtered by tag: CISA Remove Filter

CISA News Tip of the Week: Top 11 Security Dont's

How many of these are present in your organization?  

1.No cybersecurity training for employees

Read More

CISA News: Scammers Scammed!

The following is from Jim Edman, CISA Cybersecurity Advisor for South Dakota

From the desk of long-time listener, first time submitter Andrew J. Ogan,  a call recorded with a group of scammers in India. The investigator does a great job of identifying and frustrating the scammers over the phone.  It’s a 14-minute video but he does a good job of explaining each step along the way on his call. The initial scam is in regards to an expired Norton anti-virus subscription with the ultimate goal of the scammers to empty his bank account. Unfortunately, far too many Americans fall for these types of scams. https://youtu.be/j0c_I7MWB1U 

CISA Tip of the Week: Social Engineering & Physical Security

The following tip was provided by our friend, Jim Edman, CISA Cybersecurity Advisor for South Dakota.

We spend a majority of time talking about the software and hardware vulnerabilities and related aspects of cybersecurity. It’s important that we remember the physical aspects also. Though we are a small state and considered by some to be somewhat geographically isolated, a critical aspect of cybersecurity continues to be the physical aspects. Reports surfaced this week of Russian nationals attempting to gain access to critical infrastructure facilities across the country. Recommendations for in-person and voice I/T support include:

Read More

Mitigating Threats Posed by Russian State-Sponsored Cyber Actors' Exploitation of Default Multifactor Authentication Protocol and "PrintNightmare" Vulnerability

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory on Tuesday with technical details, mitigations, and resources regarding previously demonstrated ability of Russian state-sponsored cyber actors to gain network access through exploitation of default multifactor authentication (MFA) protocols and a known vulnerability in Windows Print Spooler, “PrintNightmare.”

As early as May 2021, the Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization, allowing them to enroll a new device for MFA and access the victim’s network. The actors then exploited a critical vulnerability “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges, and then were able to access cloud and email accounts for document exfiltration.

Read More