Hackers from the People's Republic of China spent up to five years in US networks as part of a cyber operation that targeted US critical infrastructure, law enforcement and international agencies said earlier this week. "The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive o
“Vote early and often.” In his book Capone, author John Kobler attributes the phrase to the gangster Al Capone. In the United States, Republicans accused their opponents of inviting such corruption with their support of the National Voter Registration Act of 1993, the "Motor Voter Law."
See: https://redskyalliance.org/xindustry/election-day-concerns
Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), stated in an interview on 19 January 2024 that "the Ame
Several US federal agencies published a guide to cybersecurity best practices for the water and sanitation sector following criticism from a US government watchdog about the government’s work with the industry. This past week, the US Environmental Protection Agency (EPA) partnered with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to release a manual providing the water industry with more information on cyber incident response as well as the roles, resources and responsibi
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in numerous global geographical areas of interest for information-gathering activity.
The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security
A known ransomware group claims to have breached the systems of Kraft Heinz, but the food company says it cannot verify the cybercriminals’ allegations. The ransomware group named Snatch publicly named Kraft Heinz on its website on 14 December 2023, but the post appears to have been created on 16 August 2023, which indicates that the attack occurred months ago.
See: https://redskyalliance.org/xindustry/snatch-ransomware
Snatch ransomware first appeared in 2018 and was formerly called Team Trun
CYBERSECURITY BEST PRACTICES, MALWARE, PHISHING, AND RANSOMWARE, CYBER THREATS AND ADVISORIES
The document linked below is a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. This publication was developed through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in the Cyber Incident Reporting
Colonial Pipeline said there has been no disruption to pipeline operations or their systems after a ransomware gang made several threats last Friday; yes Friday the 13th. The company, which runs the largest pipeline system for refined oil products in the US, addressed claims made by the Ransomed.vc gang that data had been stolen from their systems.
“Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After wor
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors to obtain initial access to Confluence instances by creating unauthoriz
US authorities have shared a joint Cybersecurity Advisory (CSA) as part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn
To celebrate the 20th Cybersecurity Awareness Month, CISA has launched a new program, meant to promote four critical actions that businesses and individuals can take to improve cybersecurity. Since 2004, October has been dedicated to raising awareness on the importance of cybersecurity for both private and public sectors, as part of a collaborative effort between government and industry. This year, CISA is introducing Secure Our World, an initiative to deliver an “enduring message” to be integ
A US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants. About 380,000 are furloughed, meaning they cannot work or get paid. The rest are working without pay. A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.
Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms. The US government wil
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released this joint CSA to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant.
Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical i
After years of arguing for easier reporting of suspicious activity, I see the US Department of Homeland Security (DHS) now floating several new ideas for how to make federal cyber incident reporting rules ‘simpler’ for victim organizations, including the concept of a single reporting web portal. Not a new concept, but a wise one.
There are currently 52 in-effect or proposed federal cyber incident reporting requirements. As part of the cyber incident reporting bill that was signed i
Advanced Persistent Threat (APT) actors have exploited known vulnerabilities in Zoho ManageEngine and Fortinet VPN products to hack an organization in the aeronautical sector, according to a joint report from the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Cyber Command’s Cyber National Mission Force (CNMF). Impacting more than 20 on-premises Zoho ManageEngine products, the first bug, tracked as CVE-2022-47966 (CVSS score of 9.8), allows remote attackers to execute
The Internet runs on open-source software (OSS). It is probably fair to say that open source is everywhere. The Linux kernel, one of the building blocks of open source, is embedded in everything from most supercomputers and cloud computing platforms to billions of phones and many operating systems. “Open Source” software, as its name suggests, is available to anyone, and it poses a particular challenge in tracking what is happening at all times. This, in turn, leads to the potential for unique and serious
In 2020, the US Cyber Command (CYBERCOM) established its private sector partnership program named UNDER ADVISEMENT (who thought up this name?), the purpose of which is to engage industry organizations and share critical cyber threat information and intelligence that supports both CYBERCOM missions and the private sector’s cybersecurity priorities. According to CYBERCOM’s website https://www.cybercom.mil, formal agreements are made with private sector stakeholders to establish trust, create dial
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those with administrative user rights.[1]
THREAT INTELLIGEN
The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint cybersecurity advisory (CSA) regarding new Truebot malware variants that are being used against organizations in the United States and Canada.
Older versions of the Truebot malware variant were delivered via malicious phishing email attachments, the CSA expla
The US Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments. Still, the impact was not expected to be great, Homeland Security officials said on 15 June 2023. But for others, among what could be hundreds of victims from industry to higher education, including patrons of at least two state motor vehicle agencies, the hack was beginning to show some serious impa
On 23 May 2023, US authorities at CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide. Ransomware actors have accelerated their tactics and techniques since its initial release in 2020, and this guide will assist organizations in preventing ransomware incidents. The update incorporates lessons learned from the past two years and includes additional recommend