Malware

Tracking device technology: A double-edged sword for CISOs

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be abused by the nefarious to track and trace individuals. Now we see that Google is jumping into the fray, with…

Today, CISA retired US-CERT and…

Today, CISA retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA’s mission. CISA will continue to be responsible for coordinating cybersecurity programs within the U.S. government to protect against malicious cyber activity, including activity related to industrial control systems. In keeping with this responsibility, CISA will continue responding to incidents, providing technical assistance, and disseminating timely notifications of cyber threats and vulnerabilities. Visit the new CISA.gov today!…

CISA assesses that the United…

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat. In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion of Ukraine, CISA maintains public cybersecurity resources, including Shields…

CISA has added one new…

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2022-36537 ZK Framework AuUploader Unspecified Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates. Binding Operational Directive (BOD)…

Today, CISA released a…

Today, CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors. As…

CISA released three Industrial…

CISA released three Industrial Control Systems (ICS) advisories on February 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-23-059-01 Hitachi Energy Gateway Station
ICSA-23-059-02 Hitachi Energy Gateway Station
ICSA-22-139-01 Mitsubishi Electric MELSEC iQ-F Series (Update B)

Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d…

Today, CISA released Decider, a…

Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats. Network defenders, analysts, and researchers can see CISA’s video, fact…

Chick-fil-A Confirms Accounts Hacked in Months-Long “Automated” Attack

In response to the attack, Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts. Chick-fil-A also states that they restored Chick-fil-A One account balances and added rewards to impacted accounts as a way of apologizing. As the accounts were breached using credentials exposed in other data breaches, impacted users must change their passwords at all sites they frequent, especially if they use the same Chick-fil-A…

Hatch Bank Suffers Data Breach After Third Party Vulnerability Exploited

Hatch Bank has offered to provide free access to credit monitoring services for 12 months to any affected individuals. This attack is just one example of an incident involving a third-party service. Whenever an organization is looking to do business with a third-party company, they should go through their own security audit of the company before signing a contract. This can include paying for a penetration test or requesting recent penetration test results, as well…

Chinese Threat Actor Deploying New Custom “MQsTTang” Backdoor to Evade Detection

The Message Queuing Telemetry Transport (MQTT) protocol is the de facto standard for IoT messaging and typically runs over port 1883. As IoT devices become more prevalent in an environment, the attack surface usually grows with them, since IoT devices are often less secure than other endpoints. From an organizational standpoint, the best way to protect against this campaign would be to limit IoT devices in the environment…
