cisa (79)

12984594655?profile=RESIZE_400xThe US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) is a significant piece of legislation passed in 2022, designed to tackle cyber incidents affecting critical infrastructure.  While its full impact is still unknown, CIRCIA presents new requirements for incident reporting that cyber risk professionals must understand and prepare for.

CIRCIA was created to help the US government coordinate responses to significant cyber incidents that affect essential services.  Its goal was

12984556089?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA), Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC) and other U.S. and international partners, co-sealed Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate 17 common techniques used by adversaries and malicious actor to compromise Active Directory. 

The objective of malicious activity involving Active Directory is to escalate privileges

12978600259?profile=RESIZE_400xGovernment-run water systems are still at risk of attack by cybercriminals and nation-states, according to a new advisory from the US’s top cybersecurity agency.  The notice from the US Cybersecurity and Infrastructure Security Agency (CISA) came two days after Arkansas City, Kansas, reported a cybersecurity issue that forced it to switch to manual operations.

Last week, US DHS CISA said it continues to “respond to active exploitation of internet-accessible operational technology (OT) and indust

12960356261?profile=RESIZE_400xDue to economic turbulence and a relentless surge in cyber threats, today's cybersecurity landscape requires enterprises to remain resilient by adapting to security risks.  Many organizations have chosen to adapt to these risks by embracing modern technology such as generative artificial intelligence (GenAI), which can present new risks if not implemented properly.  The speed at which companies innovate and adopt new technology is far outpacing the security measures that must be addressed first.

12950707481?profile=RESIZE_400xWhen the Heritage Foundation’s nearly 1,000-page Project 2025 report was published earlier this year, cybersecurity experts focused on its radical suggestion to drastically diminish the Cybersecurity and Infrastructure Security Agency (CISA) and other reimagining of cybersecurity policy.  But despite the buzz the report has caused in Washington cybersecurity circles, interviews with five former senior Trump administration officials demonstrate a much more moderate vision for cyber if he wins a s

12952320459?profile=RESIZE_400xThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the US voter registration data has been compromised in cyber-attacks.  The two agencies note that malicious actors spread disinformation to manipulate public "opinion and undermine confidence in US democratic institutions."

According to public service awareness, the actors present publicly accessible data as evidence of the hacks.  "Malicious acto

12860602665?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature to access sensitive data.  The agency said it has seen adversaries "acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature."  It also said it continues to observe weak passwords used on Cisco network devices, thereby exposing them to password-cracking at

12811540677?profile=RESIZE_400xThe US Cybersecurity and Infrastructure Security Agency (CISA) has taken a pioneering step in the realm of artificial intelligence and cybersecurity by appointing its first Chief Artificial Intelligence Officer, and it is not a computer, Lisa Einstein.  This position, announced on 01 August 2024, underscores the growing importance of AI in national security and sets a precedent that other organizations may soon follow.

Einstein has served as CISA's Senior Advisor for AI since 2023 and as the Exe

12745021476?profile=RESIZE_400xIn a show of international cooperation, intelligence and cybersecurity agencies from eight countries have jointly accused China of orchestrating a series of cyberattacks on government networks.  The United States, United Kingdom, Canada, Australia, New Zealand, Germany, Japan, and South Korea have pointed the finger at APT40, a hacking group believed to be sponsored by China's Ministry of State Security.

See:  https://redskyalliance.org/transportation/anchor-panda-and-periscope-threat-actors-tar

12685916258?profile=RESIZE_400xThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing phone-based impersonation fraud campaign where scammers are masquerading as CISA staff. In a brief notification, the agency stated it is "aware of recent impersonation scammers claiming to represent the agency."

The CISA warning  https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees  explicitly states that its employees "will never contact you with a

12673831262?profile=RESIZE_400xA major cyber-attack occurred just before the Fourth of July holiday in 2021, affecting at least 200 US companies.  The attack was a ransomware attack that occurred first at Kaseya, a Florida-based IT company, and then spread through the corporate networks that use its software.  The attack affected multiple managed service providers and their customers.  The REvil ransomware gang was behind the attack.  Please stay vigilant during all holiday times.

At least 200 US companies were hit by a major

12539040659?profile=RESIZE_400xUS Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure  sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

12539630274?profile=RESIZE_400xIn a comprehensive National Security Memorandum (NSM), the current administration has outlined its strategy for strengthening the security and resilience of United States critical infrastructure against threats like cyberattacks, natural disasters, and climate change.  The memorandum designates 16 critical infrastructure sectors, such as energy, transportation, and health care, and outlines roles and responsibilities for relevant federal agencies to identify and mitigate risks within each sector

12439541492?profile=RESIZE_400xThe below information from DHS/CISA is a fact sheet which provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.[1]

The pro-Russia hacktivist activity appears mostly limited to unsophistica

12439541492?profile=RESIZE_400xThe Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA) are jointly issuing this advisory to highlight attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts.  Without properly configured DMARC policies, malicious cyber actors are able to

12428378480?profile=RESIZE_400xSome smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability.  This remote exploitation is possible due to passwords and private keys being hard-coded in Chirp's Android app. Anyone who knows or finds these credentials can use them with an API maintained by smart lock supplier August to remotely open someone's Chirp-powered lock and thus unlock whatever door it is supposed to be protecting.  Chirp has claimed its system

12403148060?profile=RESIZE_400xThe attached US DHS CISA fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of China (PRC) state-sponsored cyber actors known as “Volt Typhoon.”  CISA—along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other US government and international partners1—released a major advisory on 7 February 2024, in which the U.S. authoring agencies warned cybersecurity defenders that Volt Typhoon has been pre-positioning t

12382706263?profile=RESIZE_400xDarkReading recently provided an editorial on the recent cyber security repose to Ivanti’s VPN issues.  “Here's what's clear about the current cybersecurity state of Ivanti's VPN appliances, they have been widely vulnerable to cyberattack, and threat actors are onto the possibilities.  It's up to enterprise cyber teams to decide what comes next.”

So far, Ivanti has disclosed five VPN flaws in 2024, most exploited as zero-days — with two of them publicly announced weeks before patches became avai

12381762074?profile=RESIZE_400xBitdefender researchers have discovered a new backdoor targeting Mac OS users.  This previously undocumented family of malware is written in Rust and includes several interesting features.  While the investigation is ongoing, we’re sending out this alert to share indicators of compromise with the community. Bitdefender products identify this threat as Trojan.MAC.RustDoor.*.

Here’s what we know so far:  Distribution - The backdoor seems to impersonate a Visual Studio update, and all identified fi

12379021063?profile=RESIZE_400xThe Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure in the event of a significant crisis or conflict with the United States.[1]

CISA, NSA, FBI and the following partners are releasing this advisory to warn criti