Security News

In a refresh, CISA and NIST should acknowledge the reality that an organization is made up of component parts including the network, the cloud, mobile and countless endpoints. Too few companies and organizations are seeing what CISA produces and following its valuable advice.

After the U.S. Cybersecurity and Infrastructure Security Agency released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The threat actors "Realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent," Censys said in a write-up.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild. Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.

The US Cybersecurity and Infrastructure Security Agency has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak. In addition to the script, CISA and the FBI today published ESXiArgs ransomware virtual machine recovery guidance on how to recover systems as soon as possible.

According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Investigations point to a new family of ransomware dubbed ESXiArgs by the researchers - though, according to Paul Ducklin, Sophos Head of Technology for the Asia Pacific region, it should be just Args, as it's a Linux program that can be used against more than just VMWare ESXi systems and files.

The U.S. Cybersecurity and Infrastructure Security Agency has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks. To assist users in recovering their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process.

The U.S. Cybersecurity and Infrastructure Security Agency on February 2 added two security flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587, a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.

CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management software for malicious purposes. More worryingly, CISA discovered malicious activity within the networks of multiple federal civilian executive branch agencies using the EINSTEIN intrusion detection system after the release of a Silent Push report in mid-October 2022.

The U.S. Cybersecurity and Infrastructure Security Agency has published four Industrial Control Systems advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw and command injection.

The U.S. Cybersecurity and Infrastructure Security Agency has released several Industrial Control Systems advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "Obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code," according to CISA. This includes CVE-2022-45444, a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access.