AdvisoriesCISAAA23-335ADecember 2, 2023
December 2, 2023
The joint Cybersecurity Advisory issued by the FBI, CISA, NSA, EPA, and INCD warns of ongoing cyber attacks by Iranian IRGC-affiliated actors, using the persona "CyberAv3ngers," against operational technology devices, particularly Israeli-made Unitronics Vision Series PLCs utilized in various industries including water, energy, and healthcare. These attacks, which have been ongoing since at least November 22, 2023, involve compromising devices and leaving defacement messages. The advisory, which follows a CISA Alert, aims to share indicators of compromise and tactics used by these actors and urges organizations, especially in critical infrastructure, to apply recommended mitigations to reduce the risk of compromise.
December 4, 2023
Brute Forcing is a method cyber attackers employ to gain unauthorized access to user accounts or systems. This technique involves systematically guessing the password by trying numerous combinations until the correct one is found. It is a rudimentary yet effective attack vector, often used against login credentials, encrypted data, and PINs. Brute Force attacks capitalize on the weaknesses in password security, exploiting simple and commonly used passwords. These attacks, which are simple and effective, can be conducted with minimal expertise - a simple bash script works - but can cause significant damage to organizations. Maintaining least privilege and using multi-factor authentication in conjunction with complex password policies can significantly reduce the likelihood of successful intrusions.
Be immediately notified of new advisories and associated security tests
