Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity. Medusa is a ransomware-as-a-service variant used to conduct ransomware attacks; as of December 2024, over 300 victims from critical infrastructure sectors have been impacted. Medusa actors use common techniques like phishing…

Read More

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitive information unless payment is received.  CISA encourages organizations to review the following FBI Public Service Announcement for more information: Mail Scam Targeting Corporate Executives Claims Ties to Ransomware Organizations should report incidents and anomalous activity…

Read More

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released a joint Cybersecurity Advisory, #StopRansomware: Ghost (Cring) Ransomware. This advisory provides network defenders with indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with Ghost ransomware activity identified through FBI investigations. Ghost actors conduct these widespread attacks targeting and compromising organizations with outdated versions of software and firmware on their internet facing services.…

Read More

CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. “Eliminating Buffer Overflow Vulnerabilities” describes proven techniques to prevent or mitigate buffer overflow vulnerabilities through secure by design principles and best practices.…

Read More

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.  CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on…

Read More

CISA—in partnership with international and U.S. organizations—released guidance to help organizations protect their network edge devices and appliances, such as firewalls, routers, virtual private networks (VPN) gateways, Internet of Things (IoT) devices, internet-facing servers, and internet-facing operational technology (OT) systems. The published guidance is as follows: “Security Considerations for Edge Devices,” led by the Canadian Centre for Cyber Security (CCCS), a part of the Communications Security Establishment Canada. “Digital Forensics Monitoring Specifications for Products of…

Read More

CISA released a fact sheet, Contec CMS8000 Contains a Backdoor, detailing an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE – 912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE – 359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in…

Read More

CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to active exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities—in Ivanti Cloud Service Appliances (CSA) in September 2024. CISA, and the use of trusted third-party incident response data, found that threat actors chained the listed vulnerabilities to…

Read More

In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information, adding additional bad practices, context regarding memory-safe languages, clarifying timelines for patching Known Exploited Vulnerabilities (KEVs), and other recommendations. While this voluntary guidance is intended for software manufacturers who develop software products…

Read More

Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action.  Software understanding refers to assessing software-controlled systems across all conditions. Mission owners and operators often lack adequate capabilities for software understanding because technology manufacturers build software that…

Read More