Security News
The U.S. Cybersecurity and Infrastructure Security Agency has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments. The highlighted tools complement the built-in tools provided by cloud service providers and help reinforce the resilience of network infrastructures, strengthen security measures, promptly identify malicious compromises, meticulously map potential threat vectors, and effectively pinpoint malicious activity in the aftermath of a breach.
CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month's Android security updates. With this month's security updates for the Android operating system, Google patched two more security flaws tagged as being exploited in attacks.
CISA and the FBI warned today of new Truebot malware variants deployed on networks compromised using a critical remote code execution vulnerability in the Netwrix Auditor software in attacks targeting organizations across the United States and Canada. The bug impacts the Netwrix Auditor server and the agents installed on monitored network systems and enables unauthorized attackers to execute malicious code with the SYSTEM user's privileges.
The U.S. Cybersecurity and Infrastructure Security Agency has placed a set of eight flaws to the Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices.
The U.S. Cybersecurity and Infrastructure Security Agency warned today of ongoing distributed denial-of-service attacks after U.S. organizations across multiple industry sectors were hit. "CISA is aware of open-source reporting of targeted denial-of-service and distributed denial-of-service attacks against multiple organizations in multiple sectors," the cybersecurity agency said.
Censys researchers have discovered hundreds of Internet-exposed devices on the networks of U.S. federal agencies that have to be secured according to a recently issued CISA Binding Operational Directive. All Internet-exposed management interfaces found by Censys on the networks of U.S. federal agencies have to be secured according to CISA's Binding Operational Directive 23-02 within 14 days after being identified.
Today, CISA ordered federal agencies to patch recently patched security vulnerabilities exploited as zero-days to deploy Triangulation spyware on iPhones via iMessage zero-click exploits. The attacks started in 2019 and are still ongoing, according to the company, and they use iMessage zero-click exploits that exploit the now-patched iOS zero-day bugs.
Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations. While the KEV catalog's primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.
LockBit - a ransomware-as-a-service operation that has extorted $91 million from some 1,700 attacks against U.S. organizations since 2020, striking at least 576 organizations in 2022 - gives customers a low-code interface for launching attacks. The cybersecurity advisory noted that LockBit attacks have impacted the financial services, food, education, energy, government and emergency services, healthcare, manufacturing and transportation sectors.
U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020. According to reports received by the MS-ISAC throughout last year, approximately 16% of ransomware incidents affecting State, Local, Tribal, and Tribunal governments were LockBit attacks.