Insights

ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks. A phishing attack targeting MSP customers using ConnectWise. ConnectWise Control is…

Read More

#StopRansomware: Cuba Ransomware 

Original release date: December 1, 2022 Today, the Federal Bureau of Investigation (FBI) and CISA released a joint Cybersecurity Advisory (CSA) #StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Cuba ransomware. FBI investigations identified these TTPs and IOCs as recently as August 2022. This CSA updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware. Key updates include: FBI has identified a…

Read More

CISA Releases Seven Industrial Control Systems Advisories

Original release date: November 29, 2022 CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-333-01 Mitsubishi Electric GOT2000 ICSA-22-333-02 Hitachi Energys IED Connectivity Packages and PCM600 Products ICSA-22-333-03 Hitachi Energys MicroSCADA ProX SYS600 Products ICSA-22-333-04 Moxa UC Series ICSA-22-333-05…

Read More

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.…

Read More

Researchers Quietly Cracked Zeppelin Ransomware Keys

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI…

Read More

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Original release date: November 17, 2022 | Last revised: November 18, 2022 Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and October 2022 release of guidance for suppliers. The guidance released…

Read More

#StopRansomware: Hive

Original release date: November 17, 2022 Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.  Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including…

Read More

Cisco Releases Security Updates for Identity Services Engine

Original release date: November 16, 2022 Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.    CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Identity Services Engine Insufficient Access Control Vulnerability Cisco Identity Services Engine Cross-Site Scripting…

Read More

Disneyland Malware Team: It’s a Puny World After All

A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin alphabets like Cyrillic. The Disneyland Team’s Web interface, which allows them to interact with malware victims in real time to phish their login credentials using phony bank websites. The Disneyland Team uses common misspellings for top…

Read More

Mozilla Releases Security Updates for Multiple Products

Original release date: November 16, 2022 Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.

Read More