Security News

The U.S. Cybersecurity and Infrastructure Security agency has announced RedEye, an open-source analytic tool for operators to visualize and report command and control activity. A joint project from CISA and DOE's Pacific Northwest National Laboratory, RedEye can parse logs from attack frameworks to present complex data in a more digestible format.

The FBI and the US government's Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

The FBI and Cybersecurity and Infrastructure Security Agency claim any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity or manipulate votes at scale. Despite popular narratives in some political circles that the 2020 election was insecure and fraudulent, there hasn't been any evidence to suggest that, the FBI and CISA said in the PSA. The agencies also took the time to explain how US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "Election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

A new directive issued by the Cybersecurity and Infrastructure Security Agency is ordering US federal civilian agencies to perform regular asset discovery and vulnerability enumeration, to better account for and protect the devices that reside on their networks. "Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices," the agency explained the impetus for the Binding Operational Directive 23-01.

U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign. " actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.

The U.S. Cybersecurity and Infrastructure Security Agency has issued a new Binding Operational Directive that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "Greater visibility into risks facing federal civilian networks."

The Cybersecurity and Infrastructure Security Agency late on Friday placed the flaw - tracked as CVE-2022-36804 - on its catalog of Known Exploited Vulnerabilities, effectively a must-patch list. CISA put the vulnerability in Bitbucket Server and Data Center tools on the KEV list on the same day as two high-profile Microsoft Exchange zero-day flaws.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request.

The Cybersecurity and Infrastructure Security Agency has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.While Microsoft hasn't yet released security updates to address this pair of actively exploited bugs, it shared mitigation measures requiring customers to add an IIS server blocking rule that would block attack attempts.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice.