Much to no one’s surprise, Russia has indeed launched attacks on Ukraine. We knew it was coming.
Earlier this week, on the eve of the tanks rolling across the borders, computer networks in Ukraine were targeted by a “data wiping” attack. However, this is actually the second time this has happened. The first was in mid-January as Russia was gearing up for its invasion of Ukraine.
READ MORE >>
CYBER NEWS
Ransomware extortion doesn’t end after paying up
Ransomware extortion doesn’t end after paying up
A new report confirms the untrustworthiness of ransomware threat actors
www.itsecurityguru.org • Share
Citibank phishing baits customers with fake suspension alerts
Citibank phishing baits customers with fake suspension alerts
An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds.
www.bleepingcomputer.com • Share
US and UK expose new Russian malware targeting network devices
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
therecord.media • Share
Nearly two dozen nonprofits form new coalition to collaborate, amplify good cyber advice
Nearly two dozen nonprofits form new coalition to collaborate, amplify good cyber advice
The main goals of Nonprofit Cyber are to improve broader coordination within the nonprofit sector, give greater reach to the specific expertise each organization brings and provide a unified signal to the public about some of the best cybersecurity practices or resources available.
www.scmagazine.com • Share
TIP OF THE WEEK
CISA Guidance to Reduce Likelihood of Damage from Cyber Intrusion
- Validate ALL access to the organization’s network requires multi-factor authentication (MFA)
- Confirm that all patching is up to date
- Ensure all ports and protocols that are not business-essential have been disabled (IT Team)
- Ensure strong controls are implemented for any cloud services (IT Team)
- Conduct vulnerability scanning to find and repair potential exposure to threat actors
- Ensure logging is enabled
- Implement and update (patch) antivirus/antimalware
- Carefully review all traffic to/from vendors/suppliers
- Develop Incident Response (IR) plans and ensure all responders are fully briefed on roles/responsibilities
- Train on IR Plan
- Provide Security Awareness Training for all personnel
- Ensure backups are maintained using the 3-2-1 rule (keep 3 backups on 2 different storage types and at least 1 kept offsite)
VOCABULARY WORD
3-2-1 Backup Rule: Policy of having at least 3 backup copies of data (the original and two copies), on 2 different types of storage media (e.g., internal hard drive, external hard drive, cloud), and at least 1 copy kept off-site (e.g., external hard drive, cloud)
SHAMELESS PLUG
Big Commonwealth Sentinel News coming next week!
CYBER HUMOR