Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 25, the U.S. municipal water authority in Aliquippa, Pennsylvania confirmed that one of its booster stations had suffered an attack by a threat actor group that supports Iranian geopolitical interests. The attack by a cyber group known as CyberAv3ngers compromised a programmable logic controller (PLC) for a water pressure monitoring and regulation system. Officials, however, have made it clear that the incident did not threaten local drinking water or water supplies.

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County. ERMI is a “multi-modality radiology center,” including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays. They have served New York since 1970 and have a long history of high-quality patient care. At the end of August, an unauthorized actor accessed their network—exposing sensitive information from employees and patients.

Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by a supply-chain attack. There are a few moving parts here, so here’s a quick summary: Trellance - A provider of solutions and services used by credit unions, and the parent company of FedComp. FedComp - a provider of software and services that enable credit unions to operate around the world.

The attack last week on the Municipal Water Authority in Aliquippa, Penn., that gave threat actors access to a portion of the facility’s pumping equipment has spurred the Cybersecurity & Infrastructure Security Agency (CISA)and WaterISAC to each issue incident reports and raised multiple questions regarding the site’s security and potential danger to similar plants.

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer’s dream; they offer low-priced goods for families in 8,200 locations nationwide. The other half of the business offers even lower deals. Dollar Tree provides options for $1 purchases at 15,000 locations throughout the states. Now, branches are sporting both company’s colors, wares, and deals.

I hate spiders, a lot. But I really hate the idea of a Scattered Spider Attack which can jump between environments that you may have believed were segmented at an alarming rate. That is the stuff of real nightmares for networking and security professionals. Keeping up with your security posture isn’t easy. We’re all doing our best, but is it good enough? One CISO we talked to hired a consulting firm to map out their security posture.

Clickjacking is a widely used cyberattack technique where users are tricked into clicking on something without realizing it’s harmful. Clickjacking attacks can lead to serious problems like data theft and financial fraud, damaging organizations’ reputations. According to the Javelin 2022 Identity Fraud Study, 22% of U.S. adults have been victims of account takeover attacks. But here’s the good part.

Almost a year ago to the day, on December 1 2022, Forescout Vedere Labs published a report detailing several hacktivist operations that targeted critical infrastructure in response to the Russian invasion of Ukraine and other geopolitical developments. Since the most recent chapter in the Hamas-Israel conflict started on October 7, there have been multiple similar claims of attacks from hacktivists taking opposing sides in the conflict.