Security News

Steps CISA should take in 2023
2023-02-14 05:30

In a refresh, CISA and NIST should acknowledge the reality that an organization is made up of component parts including the network, the cloud, mobile and countless endpoints. Too few companies and organizations are seeing what CISA produces and following its valuable advice.

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool
2023-02-11 13:36

After the U.S. Cybersecurity and Infrastructure Security Agency released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The threat actors "Realized that researchers were tracking their payments, and they may have even known before they released the ransomware that the encryption process in the original variant was relatively easy to circumvent," Censys said in a write-up.

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
2023-02-11 05:45

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild. Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.

Among the thousands of ESXiArgs ransomware victims? FBI and CISA to the rescue
2023-02-08 21:30

The US Cybersecurity and Infrastructure Security Agency has released a recovery script to help companies whose servers were scrambled in the recent ESXiArgs ransomware outbreak. In addition to the script, CISA and the FBI today published ESXiArgs ransomware virtual machine recovery guidance on how to recover systems as soon as possible.

CISA releases ESXiArgs ransomware recovery script
2023-02-08 12:08

According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Investigations point to a new family of ransomware dubbed ESXiArgs by the researchers - though, according to Paul Ducklin, Sophos Head of Technology for the Asia Pacific region, it should be just Args, as it's a Linux program that can be used against more than just VMWare ESXi systems and files.

CISA releases recovery script for ESXiArgs ransomware victims
2023-02-08 01:55

The U.S. Cybersecurity and Infrastructure Security Agency has released a script to recover VMware ESXi servers encrypted by the recent widespread ESXiArgs ransomware attacks. To assist users in recovering their servers, CISA released an ESXiArgs-Recover script on GitHub to automate the recovery process.

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
2023-02-03 05:23

The U.S. Cybersecurity and Infrastructure Security Agency on February 2 added two security flaws to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587, a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.

CISA: Federal agencies hacked using legitimate remote desktop tools
2023-01-25 21:18

CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management software for malicious purposes. More worryingly, CISA discovered malicious activity within the networks of multiple federal civilian executive branch agencies using the EINSTEIN intrusion detection system after the release of a Silent Push report in mid-October 2022.

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems
2023-01-18 05:56

The U.S. Cybersecurity and Infrastructure Security Agency has published four Industrial Control Systems advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw and command injection.

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
2023-01-16 10:47

The U.S. Cybersecurity and Infrastructure Security Agency has released several Industrial Control Systems advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "Obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code," according to CISA. This includes CVE-2022-45444, a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access.