Attacks

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics. The CDM Data Model Document provides a comprehensive description of a common data schema to ensure that prescribed diagnostic activities within CDM solutions are consistent across all participating federal agencies. Agencies leverage the common data schema to accomplish…

Read More

Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include:  Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)  Canadian Centre for Cyber Security (CCCS) New Zealand’s National Cyber Security Centre (NCSC-NZ) This guidance was crafted in response to a People’s Republic of China (PRC)-affiliated threat actor’s compromise of “networks of major…

Read More

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human…

Read More

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses…

Read More

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024. BianLian is likely based in…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards.  USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure…

Read More

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface. CISA urges users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required: PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management…

Read More

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for November

Read More

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Security Advisory EPM Ivanti Security Advisory Avalanche Ivanti Security Advisory Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client

Read More

The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key French counterparts to promote collective defense measures. Utilizing its role as a key facilitator between public and private sector partners,…

Read More