Attacks

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel, a new mobile malware targeting Android devices that has capabilities to enable unauthorized access to compromised devices,…

Read More

CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing, in which threat actors pose as trustworthy persons/organizations—such as disaster-relief charities—to solicit personal information via email or malicious websites. CISA recommends exercising caution in handling emails with disaster-related subject lines, attachments, or hyperlinks. In addition, be…

Read More

VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.  Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing…

Read More

CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances.  Download the newly released IOCs associated with this activity: IOCs Associated with Exploitation of Barracuda ESG Vulnerability CVE-2023-2868 (JSON, 85.34 KB ) Review the following…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP platform gives federal agencies a single, user-friendly interface to intake vulnerability information and to collaborate with the public researcher community for…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap. CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing…

Read More

Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to cause a denial-of service condition. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates.

Read More

Atlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update.

Read More

Today, CISA released the Remote Monitoring and Management (RMM) Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC). This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat actors can gain footholds via RMM software into managed service providers (MSPs) or manage security service providers (MSSPs) servers and, by extension, can cause cascading impacts for the small and medium-sized organizations that…

Read More