Category: US Security Alert

HomeUS Security Alert

Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats

Every organization is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. Over the past year, cyber incidents have impacted many companies, non-profits, and other organizations, large and small, across multiple...

Continue Reading  

Card Production and Provisioning Security Standard V 3.0

PCI Card Production and Provisioning Security Requirements helps payment card vendors to secure the components and sensitive data involved in the payment cards’ production and provisioning. Card production includes card manufacturing; magnetic-stripe card encoding and embossing; card personalization; chip initializing, embedding,...

Continue Reading  

Log4j vulnerability: what should boards be asking?

Background The Log4Shell critical vulnerability in the widely used logging tool Log4j has caused concern beyond the cyber security community. This is because Log4j - rather than being a single piece of software - is a software component that’s used by millions of computers worldwide running online services....

Continue Reading  

Apache Log4j Vulnerability Guidance

Background Apache Log4j2 is a ubiquitous library used by millions for Java applications; the library is part of the Apache Software Foundation’s Apache Logging Services project. The vulnerability CVE-2021-44228, disclosed on December 9, 2021, allows for remote code execution against...

Continue Reading  

Alert (AA21-291A) BlackMatter Ransomware : The Dark Side Returns

Background BlackMatter is a new ransomware threat discovered at the end of July 2021. BlackMatter is ransomware-as-a-service (Raas) tool that allows  the ransomware's developers to profit from cybercriminal affiliates (i.e., BlackMatter actors) who deploy it against victims. This malware started...

Continue Reading  

FoggyWeb: SolarWinds Hackers Access Microsoft AD Servers

Background The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. Nobelium, which operates from Russia, is the name given to the threat actor behind...

Continue Reading  

TOP Routinely Exploited Vulnerabilities (AA21-209A)

Background Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide. However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their...

Continue Reading  

CWE Top 25 Most Dangerous Software Weaknesses, 2021

Cybernetic GI Security Bulletin provides a summary of CWE Top 25 Most Dangerous Software Weaknesses in 2021. Entries may include additional information provided by organizations. This data may include identifying information, values, definitions, and related links. The patch information is...

Continue Reading  

Increasing Security Breaches In Mobile Banking Apps: FBI Warns Public

Escalating Security Breaches In Mobile Banking Apps: FBI Warns Public to Steadfast Security As the public keeps increasing their use of mobile banking apps on an extensive scale. It is mostly due to increased time at home due to the...

Continue Reading  

Covid-19 Early Release Of Super: Skilled Cyber-Scammers Steals Thousands Of Dollars Using myGovID

The Federal government has recently allowed individuals affected by the outbreak of COVID-19 coronavirus to apply for the early release of their superannuation. Alarmingly, Government officials have uncovered a “highly complex” early-access fraud that robbed 150 Australians of $120,000 to...

Continue Reading