Security News
Each agency has its own operational and technology teams that are not under the direct control of CISA - and that's where the CISA directives come in. A CISA directive is intended to compel tech teams at federal agencies to take certain actions that CISA deems necessary to ensure safe cybersecurity operations.
The Iranian APT has been exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021, according to the alert. In keeping with what CISA described on Wednesday, MSTIC has seen the Iran-linked Phosphorous group - also known by a number of names, including Charming Kitten, TA453, APT35, Ajax Security Team, NewsBeef and Newscaster - globally target the Exchange and Fortinet flaws "with the intent of deploying ransomware on vulnerable networks."
The Cybersecurity and Infrastructure Security Agency has released new cybersecurity response plans for federal civilian executive branch agencies. The playbooks standardize the response process and aim to reduce associated risks across the federal government, private and public sectors.
Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. CISA warned vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.
CISA has issued this year's first binding operational directive ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline. "BIG step forward today in protecting Federal Civilian Networks - Binding Operational Directive 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs," said CISA Director Jen Easterly.
CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.
Discourse - the ultra-popular, widely deployed open-source community forum and mailing list management platform - has a critical remote code-execution bug that was fixed in an urgent update on Friday. Discourse is widely used and wildly popular, being known for topping competing forum software platforms in terms of usability.
A critical Discourse remote code execution vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer on Friday. Discourse is an open-source forum, long-form chat, and mailing list management platform widely deployed on the web, offering excellent usability and integration potential while focusing heavily on social features.
The Cybersecurity and Infrastructure Security Agency warned that GPS devices might experience issues over the weekend because of a timing bug impacting Network Time Protocol servers running the GPS Daemon software. "The Network Time Protocol has been critical in ensuring time is accurately kept for various systems businesses and organizations rely on. Authentication mechanisms such as Time-based One-Time Password and Kerberos also rely heavily on time. As such, should there be a severe mismatch in time, users would not be able to authenticate and gain access to systems." - SANS ISC. The bug is set to trigger this Sunday, on October 24th, and the implications are somewhat unpredictable as it could cause systems to become unresponsive or unavailable.
The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency today published an advisory with details about how the BlackMatter ransomware gang operates. The joint cybersecurity advisory from CISA, the FBI, and the NSA shares the tactics, techniques, and procedures associated with BlackMatter activity that could help organizations protect against the BlackMatter ransomware gang.