Lifeboat Foundation

Leaving a vulnerable system unpatched can invite troubles for an organization. The issue can turn worse when the organization suffers a cyberattack that can result in, but not limited to, compromise of confidential data, DDoS attacks or stealing of customers’ details.

According to a report released by Recorded Future, it has been found that the same vulnerabilities kept showing up year-after-year. An interesting aspect of the report was that most of these vulnerabilities were found to be exploited via phishing attacks and exploit kits that specifically target flaws in Microsoft products.

CyrusOne data centers infected by REvil (Sodinokibi) ransomware.

Iranian hackers have again attacked strategic industrial targets in the region, with a new strain of malware designed to cause widespread chaos.

Energy is a critical resource that powers our homes and businesses, and also supports every facet of the U.S. economy and our nation’s security. As technology advances and we become more connected, the likelihood that there will be a successful cyber or physical attack on critical infrastructure increases.

This month we recognize National Critical Infrastructure Security and Resilience Month, which is a great time to reinforce that our nation’s electric companies are working across the industry and with our government partners to protect the energy grid and ensure that customers have access to the safe and reliable energy they need. We also are focusing on strategies to mitigate the potential impact of an attack and to accelerate recovery should an incident occur.

We know that cyberattacks constantly are evolving and increasing in sophistication. As the vice president for security and preparedness at the Edison Electric Institute (EEI), the association that represents all U.S. investor-owned electric companies, I have a deep appreciation for how any threat to the energy grid endangers our communities and the national and economic security of our country.

As the threat of cyber-attacks on critical infrastructure such as power grids ramps up, the Securing Energy Infrastructure Act (SEIA) is taking technology back to its retro roots. But is it a good idea?

The flaw can allow hackers to take over typical device functions like sending messages and taking photos because users think malicious activity is a mobile app they use regularly.

PyXie RAT capabilities include keylogging, stealing login credentials and recording videos, warn researchers at BlackBerry Cylance — who also say the trojan can be used to distribute other attacks, including ransomware.

A popular WiFi chip, ESP32, contains a security flaw that enables hackers to implant malware that can never be removed. The attack works by implanting code into eFuses, a chip feature that can only be configured once.

The Cowlitz County PUD is among more than a dozen utilities targeted in a recent cyberattack across the United States, according to an investigation by The Wall Street Journal published this week.

Cowlitz County PUD spokeswoman Alice Dietz confirmed Wednesday that the PUD’s firewall successfully blocked the only infected email that hackers sent.

“We’re proud of our IT department,” Dietz said. “They just continue to implement strong cybersecurity measures. This is a great example of why we take it so seriously.”