Security News

The U.S. Cybersecurity and Infrastructure Security Agency has published eight Industrial Control Systems advisories warning of critical flaws affecting products from Hitachi Energy, mySCADA Technologies, Industrial Control Links, and Nexx. Topping the list is CVE-2022-3682, impacting Hitachi Energy's MicroSCADA System Data Manager SDM600 that could allow an attacker to take remote control of the product.

According to Etay Maor, Senior Director Security Strategy at Cato Networks, "It's interesting to note critical infrastructure doesn't necessarily have to be power plants or electricity. A nation's monetary system or even a global monetary system can be and should be considered a critical infrastructure as well." Not to mention the infamous Colonial Pipeline attack, which has become the poster child of critical infrastructure attacks.

The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries. Winter Vivern's attacks start with the hackers using the Acunetix tool vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV catalog. Using these custom search queries, the researchers found 15 million instances vulnerable to 200 CVEs from the catalog.

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies today to patch security vulnerabilities exploited as zero-days in recent attacks to install commercial spyware on mobile devices. One month later, a complex chain of multiple 0-days and n-days was exploited to target Samsung Android phones running up-to-date Samsung Internet Browser versions.

American cybersecurity officials have released an early-warning system to protect Microsoft cloud users. Dubbed the Untitled Goose Tool, CISA said it "Offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services."

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool. As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

The U.S. Cybersecurity and Infrastructure Security Agency has released eight Industrial Control Systems advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code," CISA said.

The U.S. Cybersecurity and Infrastructure Security Agency on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360, which could be exploited by a threat actor to achieve arbitrary code execution.