CyberSecurity Updates

03 Apr

NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat

Attacks, Insights, Malware

Today, CISA—in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ)—released joint Cybersecurity Advisory Fast Flux: A National Security Threat (PDF, 841 KB). This advisory warns organizations, internet service providers (ISPs), and cybersecurity service providers of the ongoing threat of fast flux enabled malicious activities and provides guidance on…

Read More
30 Mar

How Each Pillar of the 1st Amendment is Under Attack

Information, Insights

“Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.” -U.S. Constitution, First Amendment. Image: Shutterstock, zimmytws. In an address to Congress this month, President Trump claimed he had “brought free speech back to America.” But barely two months into…

Read More
28 Mar

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure

Attacks, Insights, Malware

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the SPAWNCHIMERA[1] malware variant, including surviving reboots; however, RESURGE contains distinctive commands that alter its behavior. These commands:  Create a web shell, manipulate integrity checks, and modify files.  Enable the use of web shells for credential harvesting, account creation, password resets, and escalating permissions.  Copy the web…

Read More
27 Mar

When Getting Phished Puts You in Mortal Danger

Information, Insights

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of the Ukrainian paramilitary group “Freedom of Russia” legion. The text has been machine-translated from Russian. Researchers at the security firm Silent Push mapped a network of several dozen phishing…

Read More
21 Mar

Arrests in Tap-to-Pay Scheme Powered by Phishing

Information, Insights

Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were relying on a custom Android app to relay tap-to-pay transactions from mobile devices located in China. Image: WLVT-8. Authorities in Knoxville, Tennessee…

Read More
19 Mar

DOGE to Fired CISA Staff: Email Us Your Personal Data

Information, Insights

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on leave, asking employees to send their Social Security number or date of birth in a password-protected email attachment — presumably with the password needed…

Read More
18 Mar

Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

Attacks, Insights, Malware

A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including, but not limited to, valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. This has been patched in v46.0.1.  CISA added CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog.  CISA strongly urges…

Read More
14 Mar

ClickFix: How to Infect Your PC in Three Easy Steps

Information, Insights

A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots. This particular scam…

Read More
13 Mar

CISA Releases Thirteen Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation ICSA-25-072-02 Siemens SINEMA Remote Connect Server ICSA-25-072-03 Siemens SIMATIC S7-1500 TM MFP ICSA-25-072-04 Siemens SiPass integrated AC5102/ACC-G2 and ACC-AP ICSA-25-072-05 Siemens SINAMICS S200 ICSA-25-072-06 Siemens SCALANCE LPE9403 ICSA-25-072-07 Siemens SCALANCE M-800 and SC-600 Families ICSA-25-072-08 Siemens Tecnomatix Plant Simulation ICSA-25-072-09 Siemens…

Read More
12 Mar

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Attacks, Insights, Malware

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and Multi-State Information Sharing and Analysis Center (MS-ISAC)—released joint Cybersecurity Advisory, #StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and detection methods associated with known Medusa ransomware activity. Medusa is a ransomware-as-a-service variant used to conduct ransomware attacks; as of December 2024, over 300 victims from critical infrastructure sectors have been impacted. Medusa actors use common techniques like phishing…

Read More