Continuous Monitoring and Protection
Juniper Networks has released a security advisory that addresses a vulnerability in Junos OS and Junos OS Evolved. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Security Advisory for CVE-2023-0026 and apply the necessary updates.
Read MoreMultinational accounting firms PricewaterhouseCoopers (PwC) and Ernst & Young (EY) are among the seemingly ever-growing list of victims linked to a cyber security incident that originated with data transfer service, MOVEit. A supply chain cyber attack launched at MOVEit by ransomware gang Clop has resulted in a series of data breaches for a large number of high-profile brands including Health Service Ireland (HSE) and payroll services provider Zellis. The breach of Zellis has also led to…
Read MoreRansomware gang ALPHV, most commonly known as BlackCat, is allegedly responsible for the theft of 80GB of data from social media site Reddit. The allegation comes directly from the ransomware gang, who have claimed responsibility for a data breach that happened in February of this year. In a post on the gang’s data leaks site, BlackCat claimed to have stolen 80GB of compressed data during the attack and are planning on selling it. The malicious actors…
Read MoreToday, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This iteration of the CSA—now renamed Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers—is based on the forensic analysis and identified exploitation of CVE-2017-9248 at an additional FCEB agency. Activity identified at this agency is separate…
Read MoreBarracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately. CISA urges organizations to review the Barracuda advisory and for all impacted customers to follow the mitigation steps as well as hunt for the listed indicators of compromise (IOCs) to uncover any malicious activity. For more information, see Mandiant’s advisory on Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally…
Read MoreCISA released fourteen Industrial Control Systems (ICS) advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA ICSA-23-166-03 Siemens SICAM Q200 Devices ICSA-23-166-04 Siemens SIMOTION ICSA-23-166-05 Siemens SIMATIC WinCC ICSA-23-166-06 Siemens TIA Portal ICSA-23-166-07 Siemens SIMATIC WinCC V7 ICSA-23-166-08 Siemens SIMATIC STEP 7 and Derived Products ICSA-23-166-09 Siemens Solid Edge ICSA-23-166-10 Siemens SIMATIC S7-1500 TM MFP BIOS ICSA-23-166-11 Siemens…
Read MoreProgress Software has released a security advisory for a privilege escalation vulnerability (CVE-2023-35708) in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges users and organizations to review the MOVEit Transfer advisory, follow the mitigation steps, and apply the necessary updates when available.
Read MoreToday, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is a comprehensive resource detailing the observed common vulnerabilities and exposures (CVEs) exploited, as well as the tools, and tactics,…
Read MoreToday, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer’s hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. Hardened credentials, firmware updates, and network segmentation options are often…
Read MoreBritish television watchdog Ofcom is the latest victim of a supply chain attack against document transfer service MOVEit. The cyber attack against MOVEit saw Russian ransomware gang Clop exploit a critical zero-day vulnerability in the company’s infrastructure. This vulnerability allowed Clop to access the networks of companies that use MOVEit, meaning they were able to access and steal their data. During the cyber attack against Ofcom, confidential data on the companies regulated by the organization…
Read More