cisa (23)

10392308058?profile=RESIZE_400xThe US government is sounding the alarm after discovering new custom tools capable of full system compromise and disruption of ICS/SCADA devices and servers. Investigators reported that a custom-made, modular ICS attack framework can be used to disrupt and/or destruct devices in industrial environments.

A joint advisory from the Department of Energy, CISA, NSA, and the FBI warned that unidentified APT actors have created specialized tools capable of causing major damage to PLCs from Schneider El

10068637857?profile=RESIZE_400xDemocratic lawmakers on the House Committee on Financial Services on 27 January 2022 outlined nine (9) provisions of the proposed America COMPETES Act of 2022 one of which has been criticized by the cryptocurrency community for potential privacy and due process concerns.

Committee Chairwoman Maxine Waters, D-Calif., says the America Creating Opportunities for Manufacturing Pre-Eminence in Technology and Economic Strength or COMPETES Act will "strengthen the competitiveness of the US economy and

10065321492?profile=RESIZE_400xThe US government has urged organizations to shore up defenses "now" in response to website defacements and destructive malware targeting Ukraine government websites and IT systems this week.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a new 'CISA Insights' document aimed at all US organizations, not just critical infrastructure operators.  The checklist of actions is CISA's response to this week's cyberattacks on Ukraine's systems and websites, which the country

10024795479?profile=RESIZE_400xIn 2010, Iran’s uranium enrichment centrifuges were attacked and rendered useless through a computer virus that became known as Stuxnet.  It was the first case in which a hacker attack, coordinated by nations (presumably the US and Israel), hit a large military target in the “real world.”  A worldwide race to create or acquire cyber weapons was then just taking shape. 

Fast forward to last week (11 years later), Ukraine was hit by a massive cyber-attack that targeted government websites.  Posted

9817896295?profile=RESIZE_400xThere was an old 60’s movie called, The Spy who came in from the Cold.  Well the FBI could be sidelined in new cybersecurity legislation and left out in the cyber security cold.  In the view of America’s most powerful law enforcement agency, that could be a big problem.

In testimony to the US Congress, the current assistant director of the FBI’s Cyber Division, said that the Biden administration is “troubled” by legislation proposed by the US Senate and House Homeland Security committees requiri

9795700079?profile=RESIZE_400xActivity Summary - Week Ending on 12 November 2021:

  • Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 3,224 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 24,282 Observation
  • Chaos Ransomware
  • Fake Ecommerce and Black Friday
  • Robinhood Hit (Again)
  • CISA 22-01
  • Ukraine & Gamaredon SSU Arrests
  • Pakistan and Russia
  • Cyber Attack US Federal Indictments
  • FIN7 still Kicking Around

 

 

Link to full repo

9764359868?profile=RESIZE_400xCISA issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities to evolve the approach to vulnerability management and keeping pace with threat activity.  The directive establishes a CISA managed catalog of known exploited vulnerabilities and requires federal civilian agencies to identify and remediate these vulnerabilities on their information systems.

Although BOD 22-01 requires action from federal civilian agencies only, CISA strongly re

9747897664?profile=RESIZE_400xA recent bipartisan report by the US Senate’s Homeland Security and Governmental Affairs Committee shows that key government agencies have made little progress in terms of cybersecurity over the past two years.  A report published in 2019 found that eight federal agencies failed to meet even the basic cybersecurity standards and protocols. Two years later, cybersecurity at those agencies was again analyzed and the findings are as described in the new report “stark.”

The new report, titled “Feder

9727670671?profile=RESIZE_400xSeveral top US federal agencies on 14 October 2021 issued a joint advisory around potential cyber threats to the nation's water facilities. 

Officials cite "ongoing malicious cyber activity by cyber threat actors targeting the information technology and operational technology networks, systems and devices" of US water and wastewater systems.

See:  https://redskyalliance.org/xindustry/water-is-worth-fighting-for

The advisory co-authored by the FBI, Cybersecurity, and Infrastructure Security Agenc

9725291476?profile=RESIZE_400xThis joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware.  Since July 2021, BlackMatter ransomware has targeted multiple US critical infrastructure entities, including two US Food and Agriculture Sector organizations.  This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) ob

9690728900?profile=RESIZE_400xThe US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.

Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for

9518436491?profile=RESIZE_400xUS Government Cyber Warning Summary:

Immediate Actions You Can Take Now to Protect Against Ransomware

  • Make an offline backup of your data.
  • Do not click on suspicious links.
  • If you use RDP, secure and monitor it.
  • Update your OS and software.
  • Use strong passwords.
  • Use multi-factor authentication.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on US holidays and we

9297005663?profile=RESIZE_400xCybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci

9243849699?profile=RESIZE_400xThe current US administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we will do it for you.  The White House says that is the imperative being stressed in ongoing talks between high-level officials in the US and Russian national security teams following the mid-June summit in Geneva between the US President and the Russian President. 

Experts say disrupting ransomware will take more than diplomacy, and needed cybersec

9241445861?profile=RESIZE_400xPatches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.  Microsoft (MS) has now released patches to protect all versions of Windows against the critical PrintNightmare flaw.  MS recently deployed fixes to cover most but not all editions of Windows.  They patched the remaining versions of Windows, according to an update on its message center page.

Newly patched as of 7 July 7 are Windows 10 version 1607,

9103820261?profile=RESIZE_400xThe Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government.  The new cybersecurity mandates, which will replace some voluntary guidelines that had been in place for a decade, were announced Thursday in the wake of a 07 May 2021 ransomware attack that led Colonial Pipeline Co. to temporarily shut down its pipeline serving the East Coast, triggering fuel sh

8895950496?profile=RESIZE_400xThe current US administration is introducing a 100-day plan to improve cybersecurity and address cyber threats across the nation's electrical grid.  Officials state the program is part of a broader cybersecurity plan designed to address issues across the nation's critical infrastructure.

The 100-day initiative will involve government agencies that are responsible for the security of critical infrastructure as well as businesses and private utilities that oversee or own infrastructure, such as el

8321594296?profile=RESIZE_400xThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework.  See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.  This APT actor has demonstrated

8267297470?profile=RESIZE_400xRussian state level hackers have been exploiting a vulnerability found in VMware products including virtual workspaces, this according to a cybersecurity advisory issued last week by the the US based, National Security Agency.

PHOTOGRAPH: YIFEI FANG, GETTY IMAGES

The VMware vulnerability, which is called in CVE-2020-4006 and rated 7.2 on the Common Vulnerability Scoring System (CVSS), was disclosed and patched last week.  According to the NSA advisory, threat actors are using the vulnerability t