Latest Cyberthreats and Advisories – September 30, 2022

Russian cybercrime, social media corruption and a tidal wave of malicious app downloads…. ​​Here are the latest threats and advisories for the week of September 30, 2022.

Threat Advisories and Alerts

CISA Issues Warning to OT/ICS Owners and Operators

Operational technology/industrial control system (OT/ICS) assets continue to be an attractive target for cybercriminals, and ICS networks are rife with risk. OT/ICS technology has vulnerable IT components and large attack surfaces—and traditional security measures don’t adequately address modern threats. System owners should assume that they will be targeted. To mitigate attacks, operators and owners can limit the exposure of system information, conduct regular security audits and secure remote access points.

Source: https://www.cisa.gov/uscert/ncas/alerts/aa22-265a

Zero-Day Vulnerability Exploited in Sophos Firewall

A new critical zero-day vulnerability has been found in Sophos’ firewall product. The vulnerability (CVE-2022-3236), which impacts Sophos Firewall v19.0 MR1 (19.0.1) and older versions, has been exploited by attackers and could result in remote code execution. Users are recommended to apply the appropriate hotfixes immediately.

Source: https://www.csa.gov.sg/en/singcert/Alerts/al-2022-054

IRS Warns of an ‘Exponential’ Increase in Texting Scams

The IRS has a new warning for taxpayers: A surge in texting scams is putting personal and financial information at greater risk. This year, the agency has uncovered thousands of fraudulent websites that are connected to text-messaging scams often referred to as “smishing” or “SMS phishing.” The scams have increased over the course of 2022 but have especially surged in the last few weeks. In fact, the IRS says the fraud has “increased exponentially” recently.

Read more

Explore the site

More from the blog

Latest News