Threat Advisories and Alerts
CISA Issues Warning to OT/ICS Owners and Operators
Operational technology/industrial control system (OT/ICS) assets continue to be an attractive target for cybercriminals, and ICS networks are rife with risk. OT/ICS technology has vulnerable IT components and large attack surfaces—and traditional security measures don’t adequately address modern threats. System owners should assume that they will be targeted. To mitigate attacks, operators and owners can limit the exposure of system information, conduct regular security audits and secure remote access points.
Zero-Day Vulnerability Exploited in Sophos Firewall
A new critical zero-day vulnerability has been found in Sophos’ firewall product. The vulnerability (CVE-2022-3236), which impacts Sophos Firewall v19.0 MR1 (19.0.1) and older versions, has been exploited by attackers and could result in remote code execution. Users are recommended to apply the appropriate hotfixes immediately.
IRS Warns of an ‘Exponential’ Increase in Texting Scams
The IRS has a new warning for taxpayers: A surge in texting scams is putting personal and financial information at greater risk. This year, the agency has uncovered thousands of fraudulent websites that are connected to text-messaging scams often referred to as “smishing” or “SMS phishing.” The scams have increased over the course of 2022 but have especially surged in the last few weeks. In fact, the IRS says the fraud has “increased exponentially” recently.