Malware

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal Bureau of Investigation Australian Signals Directorate’s Australian Cyber Security Centre Canadian Centre for Cyber Security United Kingdom National Cyber Security Centre New Zealand National Cyber Security Centre Computer Emergency Response…

Read More

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution. CISA encourages network defenders and critical infrastructure organizations to review the CSA to improve their cybersecurity posture and protect against…

Read More

CISA Removes One Known Exploited Vulnerability From Catalog

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant…

Read More

CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs

Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors, including U.S. Water and Wastewater Systems (WWS) facilities, by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated advanced persistent threat (APT) cyber actors.  IRGC-affiliated cyber…

Read More

IOTW: Ransomware gang steals 1.3TB of data from Sabre

Ransomware gang Dunghill Leak has claimed responsibility for a cyber attack against travel booking company Sabre. Dunghill claimed in a post on its dark web data leaks site that it had stolen 1.3 terabytes of data from Sabre, including corporate financial information, passenger turnover and ticket sales data and personal employee information. The ransomware gang validated its claims by sharing a portion of the stolen data, promising that the rest of the data will be…

Read More

Spyware is being spread via fake natural disaster alerts

Malware is being spread to Android devices via fake volcano eruption alerts, cyber security researchers have found.  Researchers at Italian cyber security company, D3Labs, published a blog about the malicious software on October 16. They discovered that malicious actors were exploiting the IT-Alert service, a new public alert system used by the Italian government to disseminate crucial information to its citizens in emergency situations, for example natural disasters.  In order to convince unsuspecting victims into…

Read More

Cyber security advisory warns of emerging ransomware variant Rhysida

A new cybersecurity advisory has warned of the threats posed by emerging ransomware variant Rhysida. The advisory, published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), disseminates the known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of the Rhysida ransomware operators. It also outlines the mitigative steps organizations should take to reduce the likelihood and impact…

Read More

Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems

CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker to access sensitive documents by manipulating identifiers and file names in URLs. CISA understands that some of the vulnerabilities may…

Read More

CISA Releases First Secure by Design Alert

Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series.    This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web management interfaces by designing and developing their products using SbD principles:   Take Ownership of Customer Security Outcomes.  Embrace Radical Transparency and Accountability.    For more information on SbD principles,…

Read More

Exploitation of Unitronics PLCs used in Water and Wastewater Systems

CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply. WWS Sector facilities use PLCs…

Read More