cisa (81)

12381762074?profile=RESIZE_400xBitdefender researchers have discovered a new backdoor targeting Mac OS users.  This previously undocumented family of malware is written in Rust and includes several interesting features.  While the investigation is ongoing, we’re sending out this alert to share indicators of compromise with the community. Bitdefender products identify this threat as Trojan.MAC.RustDoor.*.

Here’s what we know so far:  Distribution - The backdoor seems to impersonate a Visual Studio update, and all identified fi

12379021063?profile=RESIZE_400xThe Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure in the event of a significant crisis or conflict with the United States.[1]

CISA, NSA, FBI and the following partners are releasing this advisory to warn criti

12378965473?profile=RESIZE_400xFortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild.  The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.  "An out-of-bounds write vulnerability [CWE-787] in FortiOS may allow a remote unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP requests," the company said in a bulletin released last week.

It further acknowledged that the iss

12378415093?profile=RESIZE_400xAs more than 65,000 football fans descend on Allegiant Stadium in Las Vegas, Nevada, for Super Bowl LVIII, attractive targets for cybercriminals and hackers.  The major sporting events like the Super Bowl face elevated cyber risks due to the proliferation of connected networks and devices used by venues, teams, vendors, media, and attendees.  This year, the US Department of Homeland Security (DHS) is working closely with partners to assess and strengthen cyber protections.  "There are no known,

12375354497?profile=RESIZE_400xHackers from the People's Republic of China spent up to five years in US networks as part of a cyber operation that targeted US critical infrastructure, law enforcement and international agencies said earlier this week.  "The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive o

12368087481?profile=RESIZE_400x“Vote early and often.”  In his book Capone, author John Kobler attributes the phrase to the gangster Al Capone.  In the United States, Republicans accused their opponents of inviting such corruption with their support of the National Voter Registration Act of 1993, the "Motor Voter Law."

See:  https://redskyalliance.org/xindustry/election-day-concerns

Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated in an interview on 19 January 2024 that "the Ame

12365719674?profile=RESIZE_400xSeveral US federal agencies published a guide of cybersecurity best practices for the water and sanitation sector following criticism from a US government watchdog about the government’s work with the industry.  This past week, the US Environmental Protection Agency (EPA) partnered with the FBI and Cybersecurity and Infrastructure Security Agency (CISA) to release a manual providing the water industry with more information on cyber incident response as well as the roles, resources and responsibi

12347854862?profile=RESIZE_400xThe Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in numerous global geographical areas of interest for information-gathering activity.

The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security

12331840098?profile=RESIZE_180x180A known ransomware group claims to have breached the systems of Kraft Heinz, but the food company says it cannot verify the cybercriminals’ allegations.  The ransomware group named Snatch publicly named Kraft Heinz on its website on 14 December 2023, but the post appears to have been created on 16 August 2023, which indicates that the attack occurred months ago.

See:  https://redskyalliance.org/xindustry/snatch-ransomware

Snatch ransomware first appeared in 2018 and was formerly called Team Trun

12260185500?profile=RESIZE_400xCYBERSECURITY BEST PRACTICES, MALWARE, PHISHING, AND RANSOMWARE, CYBER THREATS AND ADVISORIES

The link below provides is document is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.  This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting

12258758265?profile=RESIZE_400xColonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13th.  The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.

“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party.  After wor

12258816689?profile=RESIZE_400xThe Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515.  This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthoriz

12254133253?profile=RESIZE_400xUS Authorities have shared a joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.  #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.  Visit stopransomware.gov to see all #StopRansomware advisories and to learn

12239558474?profile=RESIZE_400xTo celebrate the 20th Cybersecurity Awareness Month, CISA has launched a new program, meant to promote four critical actions that businesses and individuals can take to improve cybersecurity.  Since 2004, October has been dedicated to raising awareness on the importance of cybersecurity for both private and public sectors, as part of a collaborative effort between government and industry.  This year, CISA is introducing Secure Our World, an initiative to deliver an “enduring message” to be integ

12234694483?profile=RESIZE_400xA US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants.  About 380,000 are furloughed, meaning they cannot work or get paid.  The rest are working without pay.  A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.

Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms.  The US government wil

12229304882?profile=RESIZE_400xThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released a this joint CSA to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant.  

Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations.  Snatch threat actors have targeted a wide range of critical i

12229283293?profile=RESIZE_400xAfter years of spouting the need in an ease of reporting suspicious activity, I see the US Department of Homeland Security (DHS) now floating several new ideas for how to make federal cyber incident reporting rules ‘simpler’ for victim organizations — including the concept of a single reporting web portal.  Not a new concept, but a wise one. 

There are currently 52 in-effect or proposed federal cyber incident reporting requirements.  As part of the cyber incident reporting bill that was signed i

12227229689?profile=RESIZE_400xAdvanced Persistent Threat (APT) actors have exploited known vulnerabilities in Zoho ManageEngine and Fortinet VPN products to hack an organization in the aeronautical sector, according to a joint report from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Command’s Cyber National Mission Force (CNMF).  Impacting more than 20 on-premises Zoho ManageEngine products, the first bug, tracked as CVE-2022-47966 (CVSS score of 9.8), allows remote attackers to execute

12201646682?profile=RESIZE_400xThe Internet runs on open-source software (OSS).  It is probably fair to say that open source is everywhere.  The Linux kernel, one of the building blocks of open source, is embedded in everything from most supercomputers, cloud computing, billions of phones, and most operating systems.  “Open Source” software, as its name suggests, is available to anyone, and it poses a particular challenge in tracking what is happening at all times.  This, in turn, leads to the potential for unique and serious

12201638272?profile=RESIZE_400xIn 2020, the US Cyber Command (CYBERCOM) established its private sector partnership program named UNDER ADVISEMENT (who thought up this name?), the purpose of which is to engage industry organizations and share critical cyber threat information and intelligence that supports both CYBERCOM missions and the private sector’s cybersecurity priorities.  According to CYBERCOM’s website https://www.cybercom.mil, formal agreements are made with private sector stakeholders to establish trust, create dial