The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cyber security advisory on the growing threat of Ghost ransomware. A variation of this strain of malware called GhostSocks uses SOCKS5 to bypass anti-fraud mechanisms and geographic restrictions. First detected in 2021, this ransomware group has targeted organizations in over 70 countries, exploiting unpatched software, weak credentials, and outdated security configurations to infiltrate enterprise networ
cisa (88)
It has been a confusing few days in US cyber security. At the end of February of this year, it was reported that Defense Secretary Pete Hegseth had ordered US Cyber Command to pause its offensive operations against Russia. The news was swiftly followed by reports that the US Cybersecurity and Infrastructure Security Agency (CISA) staff had been instructed to turn a blind eye to hacks directed against the United States that might be linked to Russia. The Trump administration had reportedly ordere
On 20 February 2025, the US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center published a joint Cybersecurity Advisory #StopRansomware: Ghost (Cring) Ransomware[1]. This advisory provides known Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs) associated with Ghost ransomware actors identified through FBI investigations.
Ghost actors conduct these widespread attack
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about three flaws affecting Mitel MiCollab and Oracle WebLogic Server, listing them in its Known Exploited Vulnerabilities (KEV) catalog. These security defects enable attackers to perform unauthorized administrative actions and access user and network information.
Currently, there is no information on how these flaws are exploited in real-world attacks, who may be exploiting them, or the targets of th
CISA warns US federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction. While Microsoft did not share more details in a security advisory published in June 2024, the DEVCORE Research Team [1] that found the flaw and report
Concerns about the security risks of mobile messaging, particularly messaging between platforms like iPhone and Android, have significantly increased. At the same time, Apple has launched its own RCS messaging system that will compete with WhatsApp and other messaging platforms. US authorities are telling the public to adopt fully encrypted communication services to protect against growing cyber threats. The FBI and the Cybersecurity and Infrastructure Securi
In a recent opinion piece, Linus Torvalds shares his views on C and C++. “I must be a glutton for punishment. Not only was my first programming language IBM 360 Assembler, but my second language was C. Programming anything in them wasn't easy. Programming safely in either is much harder.” So, when the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) announced they were doubling down on their efforts to persuade software manufacturers t
It is not the federal government that’s responsible for the cyber defense of critical infrastructure. The responsibility falls on the critical infrastructure operators themselves and most aren’t equipped for the fight. Cyber threats to the United States' critical infrastructure are on the rise. On 31 January 2024, FBI Director Christopher Wray testified before Congress, highlighting how Chinese government hackers are attempting “‘to find and prepare to destroy or degrade the civilian critical
The US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure. While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.
CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services. Its goal was
The US Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC) and other U.S. and international partners co-sealed Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate 17 common techniques used by adversaries and malicious actors to compromise Active Directory.
The objective of malicious activity involving Active Directory is to escalate privileges
Government-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the US’s top cybersecurity agency. The notice from the US Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas, reported a cybersecurity issue that forced it to switch to manual operations.
Last week, US DHS CISA said it continues to “respond to active exploitation of internet-accessible operational technology (OT) and indust
Due to economic turbulence and a relentless surge in cyber threats, today's cybersecurity landscape requires enterprises to remain resilient by adapting to security risks. Many organizations have chosen to adapt to these risks by embracing modern technology such as generative artificial intelligence (GenAI), which can present new risks if not implemented properly. The speed at which companies innovate and adopt new technology is far outpacing the security measures that must be addressed first.
When the Heritage Foundation’s nearly 1,000-page Project 2025 report was published earlier this year, cybersecurity experts focused on its radical suggestion to drastically diminish the Cybersecurity and Infrastructure Security Agency (CISA) and other reimagining of cybersecurity policy. But despite the buzz the report has caused in Washington cybersecurity circles, interviews with five former senior Trump administration officials demonstrate a much more moderate vision for cyber if he wins a s
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the US voter registration data has been compromised in cyber-attacks. The two agencies note that malicious actors spread disinformation to manipulate public "opinion and undermine confidence in US democratic institutions."
According to public service awareness, the actors present publicly accessible data as evidence of the hacks. "Malicious acto
The US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature to access sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature." It also said it continues to observe weak passwords used on Cisco network devices, thereby exposing them to password-cracking at
The US Cybersecurity and Infrastructure Security Agency (CISA) has taken a pioneering step in the realm of artificial intelligence and cybersecurity by appointing its first Chief Artificial Intelligence Officer, and it is not a computer, Lisa Einstein. This position, announced on 01 August 2024, underscores the growing importance of AI in national security and sets a precedent that other organizations may soon follow.
Einstein has served as CISA's Senior Advisor for AI since 2023 and as the Exe
In a show of international cooperation, intelligence and cybersecurity agencies from eight countries have jointly accused China of orchestrating a series of cyberattacks on government networks. The United States, United Kingdom, Canada, Australia, New Zealand, Germany, Japan, and South Korea have pointed the finger at APT40, a hacking group believed to be sponsored by China's Ministry of State Security.
See: https://redskyalliance.org/transportation/anchor-panda-and-periscope-threat-actors-tar
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency."
The CISA warning https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees explicitly states that its employees "will never contact you with a
A major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies. The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software. The attack affected multiple managed service providers and their customers. The REvil ransomware gang was behind the attack. Please stay vigilant during all holiday times.
At least 200 US companies were hit by a major