Month: February 2021

  • Compromise of U.S. Water Treatment Facility

    DEFENDEDGE

    Original release date: February 11, 2021 In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center have released joint… Read more

  • AA21-042A: Compromise of U.S. Water Treatment Facility

    DEFENDEDGE

    Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical,… Read more

  • Verify Your Valentine

    DEFENDEDGE

    Original release date: February 11, 2021 This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked… Read more

  • Military, Nuclear Entities Under Target By Novel Android Malware

    DEFENDEDGE

    The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation. Read more

  • What is Spyware?

    DEFENDEDGE

    What is Spyware? What is Spyware? Spyware is generally considered to be any malicious software which collects information on users that might be considered sensitive. For example, passwords, phone numbers, credit card info, and social security numbers can all be targets of spyware. Here is a little history lesson. The first recorded use of the… Read more

  • SAP Commerce Critical Security Bug Allows RCE

    DEFENDEDGE

    The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses. Read more

  • Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

    DEFENDEDGE

    Original release date: February 10, 2021 Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC)… Read more

  • Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

    DEFENDEDGE

    Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications. Read more

  • Intel Squashes High-Severity Graphics Driver Flaws

    DEFENDEDGE

    Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems. Read more

  • Actively Exploited Windows Kernel EoP Bug Allows Takeover

    DEFENDEDGE

    Microsoft addressed 56 security vulnerabilities for February Patch Tuesday — including 11 critical and six publicly known. And, it continued to address the Zerologon bug. Read more