CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report
cisa (84)
CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report
Concerns about the security risks of mobile messaging are increasing with concerns over the security of messaging between platforms like iPhone and Android have significantly increased. At the same time, Apple has launched its own RCS messaging system that will compete with WhatsApp and other messaging platforms. US authorities are telling the public to adopt fully encrypted communication services to protect against growing cyber threats. The FBI and the Cybersecurity and Infrastructure Securi
In a recent opinion piece, Linus Torvalds shares his views on C and C++. “I must be a glutton for punishment. Not only was my first programming language IBM 360 Assembler, but my second language was C. Programming anything in them wasn't easy. Programming safely in either is much harder.” So, when the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI announced they were doubling down on their efforts to persuade software manufacturers t
It is not the federal government that’s responsible for the cyber defense of critical infrastructure. The responsibility falls on the critical infrastructure operators themselves and most aren’t equipped for the fight. Cyber threats to the United States' critical infrastructure are on the rise. On 31 January 2024, FBI Director Christopher Wray testified before Congress, highlighting how Chinese government hackers are attempting “‘to find and prepare to destroy or degrade the civilian critical
The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure. While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.
CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services. Its goal was
The US Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC) and other U.S. and international partners, co-sealed Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate 17 common techniques used by adversaries and malicious actor to compromise Active Directory.
The objective of malicious activity involving Active Directory is to escalate privileges
Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the US’s top cybersecurity agency. The notice from the US Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas, reported a cybersecurity issue that forced it to switch to manual operations.
Last week, US DHS CISA said it continues to “respond to active exploitation of internet-accessible operational technology (OT) and indust
Due to economic turbulence and a relentless surge in cyber threats, today's cybersecurity landscape requires enterprises to remain resilient by adapting to security risks. Many organizations have chosen to adapt to these risks by embracing modern technology such as generative artificial intelligence (GenAI), which can present new risks if not implemented properly. The speed at which companies innovate and adopt new technology is far outpacing the security measures that must be addressed first.
When the Heritage Foundation’s nearly 1,000-page Project 2025 report was published earlier this year, cybersecurity experts focused on its radical suggestion to drastically diminish the Cybersecurity and Infrastructure Security Agency (CISA) and other reimagining of cybersecurity policy. But despite the buzz the report has caused in Washington cybersecurity circles, interviews with five former senior Trump administration officials demonstrate a much more moderate vision for cyber if he wins a s
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the US voter registration data has been compromised in cyber-attacks. The two agencies note that malicious actors spread disinformation to manipulate public "opinion and undermine confidence in US democratic institutions."
According to public service awareness, the actors present publicly accessible data as evidence of the hacks. "Malicious acto
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature to access sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature." It also said it continues to observe weak passwords used on Cisco network devices, thereby exposing them to password-cracking at
The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a pioneering step in the realm of artificial intelligence and cybersecurity by appointing its first Chief Artificial Intelligence Officer, and it is not a computer, Lisa Einstein. This position, announced on 01 August 2024, underscores the growing importance of AI in national security and sets a precedent that other organizations may soon follow.
Einstein has served as CISA's Senior Advisor for AI since 2023 and as the Exe
In a show of international cooperation, intelligence and cybersecurity agencies from eight countries have jointly accused China of orchestrating a series of cyberattacks on government networks. The United States, United Kingdom, Canada, Australia, New Zealand, Germany, Japan, and South Korea have pointed the finger at APT40, a hacking group believed to be sponsored by China's Ministry of State Security.
See: https://redskyalliance.org/transportation/anchor-panda-and-periscope-threat-actors-tar
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency."
The CISA warning https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees explicitly states that its employees "will never contact you with a
A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies. The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software. The attack affected multiple managed service providers and their customers. The REvil ransomware gang was behind the attack. Please stay vigilant during all holiday times.
At least 200 US companies were hit by a major
US Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector. This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.
Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022. Black Basta affiliate
In a comprehensive National Security Memorandum (NSM), the current administration has outlined its strategy for strengthening the security and resilience of United States critical infrastructure against threats like cyberattacks, natural disasters, and climate change. The memorandum designates 16 critical infrastructure sectors, such as energy, transportation, and health care, and outlines roles and responsibilities for relevant federal agencies to identify and mitigate risks within each sector
The below information from DHS/CISA is a fact sheet which provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.[1]
The pro-Russia hacktivist activity appears mostly limited to unsophistica
The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA) are jointly issuing this advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts. Without properly configured DMARC policies, malicious cyber actors are able to
