A quick Saturday digest of cybersecurity news articles from other sources.
LastPass admits to customer data breach caused by previous breach
Seems that the developer account that the crooks breached last time gave indirect access to customer data this time round.
The CHRISTMA EXEC network worm – 35 years and counting!
“Uh-oh, this viruses-and-worms scene could turn out quite troublesome.” If only we’d been wrong…
December 2022 sees the 35th anniversary of the first major self-spreading computer virus – the infamous CHRISTMA EXEC
worm that temporarily crushed the major mainframe networks of the day…
CISA Releases Phishing Infographic
Original release date: December 8, 2022
Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. The infographic also provides detailed actions organizations and individuals can take to prevent successful phishing operations—from blocking phishing attempts to teaching individuals how to report successful phishing operations.
CISA Releases Three Industrial Control Advisories
Original release date: December 8, 2022
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
- ICSA-22-342-01 Advantech iView
- ICSA-22-342-02 AVEVA InTouch Access Anywhere
- ICSA-22-342-03 Rockwell Automation Logix Controllers
Share
DEC
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com