Security News

Network defenders searching for malicious activity in their Microsoft Azure, Azure Active Directory, and Microsoft 365 cloud environments have a new free solution at their disposal: Untitled Goose Tool. As an agency charged with - among other things - helping US-based organizations in the government and private sector protect themselves against cyber attackers, CISA regularly releases free open-source services and tools for defenders to use.

The U.S. Cybersecurity & Infrastructure Security Agency has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. Known as the 'Untitled Goose Tool' and developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, this Python-based utility can dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.

The U.S. Cybersecurity and Infrastructure Security Agency has released eight Industrial Control Systems advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation. "Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code," CISA said.

The U.S. Cybersecurity and Infrastructure Security Agency on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. The critical flaw in question is CVE-2023-26360, which could be exploited by a threat actor to achieve arbitrary code execution.

CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. Adobe addressed the application server vulnerability in ColdFusion 2018 Update 16 and ColdFusion 2021 Update 6 and said it was exploited in attacks as a zero-day.

Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency and urged to implement a fix. "CISA leverages multiple open-source and internal tools to research and detect vulnerabilities within U.S. critical infrastructure," the agency explained in the formal announcement of its Ransomware Vulnerability Warning Pilot.

Today, the U.S. Cybersecurity & Infrastructure Security Agency announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks. "Through the Ransomware Vulnerability Warning Pilot, which started on January 30, 2023, CISA is undertaking a new effort to warn critical infrastructure entities that their systems have exposed vulnerabilities that may be exploited by ransomware threat actors," the cybersecurity agency said.

Today, the U.S. Cybersecurity & Infrastructure Security Agency announced a new pilot program to help critical infrastructure entities protect their information systems from ransomware attacks. "Recognizing the persistent threat posed by ransomware attacks to organizations of all sizes, the Cybersecurity and Infrastructure Security Agency announces today the establishment of the Ransomware Vulnerability Warning Pilot," the cybersecurity agency said.

In brief Cybersecurity and Infrastructure Security Agency's director Jen Easterly has been outspoken in her drive to bring more women into the security industry, and this year for International Women's Day her agency formalized that pledge by announcing a partnership with nonprofit Women in CyberSecurity. The US department of Homeland Security agency and WiCyS signed a memorandum of understanding on Wednesday to help raise awareness of job opportunities for women in cybersecurity and build "a pipeline for the next generation of women" able to fill those roles, the agency said.

CISA has added an almost three-year-old high-severity remote code execution vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks. Attackers with "Admin access to a Plex Media Server could abuse the Camera Upload feature to make the server execute malicious code," according to an advisory published by the Plex Security Team in May 2020 when it patched the bug with the release of Plex Media Server 1.19.3.