Insights

Russian Reshipping Service ‘SWAT USA Drop’ Exposed

One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service, which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards. Among the most common ways…


.US Harbors Prolific Malicious Link Shortening Service

The top-level domain for the United States — .US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year. Researchers at Infoblox say they’ve been tracking what appears to be a three-year-old link shortening service…


CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release…


CISA Announces Launch of Logging Made Easy

Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience. Log management makes systems more secure. Until now, it has been a heavy lift for many targeted organizations, especially those with limited resources. CISA’s LME is…


Apple Releases Security Advisories for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates: iOS 17.1 and iPadOS 17.1; iOS 16.7.2 and iPadOS 16.7.2; iOS 15.8 and iPadOS 15.8; macOS Sonoma 14.1; macOS Ventura 13.6.1; macOS Monterey 12.7.1; tvOS 17.1; watchOS 10.1; Safari 17.1.


VMware Releases Security Advisory for vCenter Server

VMware released a security advisory for a vulnerability (CVE-2023-34048) affecting VMware vCenter Server and a vulnerability (CVE-2023-34056) affecting VMware Cloud Foundation. A remote cyber actor could exploit these vulnerabilities to obtain information or take control of an affected system. CISA encourages users and administrators to review the VMware vCenter Server Out-of-Bounds Write Vulnerability VMSA-2023-0023 advisory and apply the necessary updates.


Cybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting Phishing

During this week’s blog series, we sat down with two of our NIST experts from the Visualization and Usability Group at NIST — Shanée Dawkins and Jody Jacobs — who discussed the importance of recognizing and reporting phishing. This blog wraps up our Cybersecurity Awareness Month 2023 blog series…but we of course plan to continue to share, collaborate, learn, and spread the word all year long. 1. This week’s Cybersecurity Awareness Month theme is ‘recognize and report…


NJ Man Hired Online to Firebomb, Shoot at Homes Gets 13 Years in Prison

A 22-year-old New Jersey man has been sentenced to more than 13 years in prison for participating in a firebombing and a shooting at homes in Pennsylvania last year. Patrick McGovern-Allen was the subject of a Sept. 4, 2022 story here about the emergence of “violence-as-a-service” offerings, where random people from the Internet hire themselves out to perform a variety of local, physical attacks, including firebombing a home, “bricking” windows, slashing tires, or performing a…


CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software release train with the 17.9.4a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release…
