Security News

Three of them were exploited by Russian APT28 cyberspies to hack into Roundcube email servers belonging to Ukrainian government organizations. While the KEV catalog's primary focus is alerting federal agencies of exploited vulnerabilities that must be patched as soon as possible, it is also highly advised that private companies worldwide prioritize addressing these bugs.

LockBit - a ransomware-as-a-service operation that has extorted $91 million from some 1,700 attacks against U.S. organizations since 2020, striking at least 576 organizations in 2022 - gives customers a low-code interface for launching attacks. The cybersecurity advisory noted that LockBit attacks have impacted the financial services, food, education, energy, government and emergency services, healthcare, manufacturing and transportation sectors.

U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020. According to reports received by the MS-ISAC throughout last year, approximately 16% of ransomware incidents affecting State, Local, Tribal, and Tribunal governments were LockBit attacks.

CISA issued this year's first binding operational directive ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery."The Directive requires federal civilian executive branch agencies to take steps to reduce their attack surface created by insecure or misconfigured management interfaces across certain classes of devices," CISA said.

China's cyber-ops against the US have shifted from espionage activities to targeting infrastructure and societal disruption, the director of the Cybersecurity and Infrastructure Security Agency Jen Easterly told an Aspen Institute event on Monday. "PRC actors have been in the spotlight for years and years, the key difference here was for PRC actors the focus has been espionage," said [VIDEO] Easterly.

CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23. The critical flaw is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer's database and execute arbitrary code.

CISA warned of a recently patched zero-day vulnerability exploited last week to hack into Barracuda Email Security Gateway appliances. Federal Civilian Executive Branch Agencies agencies must patch or mitigate the vulnerability as ordered by the BOD 22-01 binding operational directive.

In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency. Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.

Today, the U.S. Cybersecurity & Infrastructure Security Agency ordered federal agencies to address three recently patched zero-day flaws affecting iPhones, Macs, and iPads known to be exploited in attacks. iPhone 6s, iPhone 7, iPhone SE, iPad Air 2, iPad mini, iPod touch, and iPhone 8 and later.

CISA warned today of a security vulnerability affecting Samsung devices used in attacks to bypass Android address space layout randomization protection. The exposed info can be used by local attackers with high privileges to conduct an ASLR bypass which could enable the exploitation of memory-management issues.