Security News

The U.S. Cybersecurity Infrastructure and Security Agency on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities, highlighting five incidents that occurred between March 2019 and August 2021. "This activity-which includes attempts to compromise system integrity via unauthorized access-threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities," CISA, along with the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency, said in a joint bulletin.

The US Cybersecurity and Infrastructure Security Agency has released a new tool that allows public and private sector organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks. The Insider Risk Mitigation Self-Assessment Tool helps orgs determine their risk posture by answering a series of questions about the requirements needed to set up an insider risk program management, the levels of insider risk awareness and training among employees, and the organization's insider risk environment.

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions. The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions.The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

CISA, the Federal Bureau of Investigation, and the National Security Agency warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.

The FBI, CISA and the U.S. Coast Guard Cyber Command warned today that state-backed advanced persistent threat actors are likely among those who've been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus platform that can lead to remote code execution and thus open the corporate doors to attackers who can run amok, with free rein across users' Active Directory and cloud accounts.

The FBI, CISA, and the Coast Guard Cyber Command today warned that state-backed advanced persistent threat groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. ManageEngine ADSelfService Plus is an integrated self-service password management and a single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords.

Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote control execution vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents. Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is "Aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," according to an advisory released Tuesday.

On Tuesday, the FBI and CISA released an advisory, warning organizations to "Remain vigilant" to cybersecurity threats heading toward the holiday weekend. The federal advisory makes note of "Recent holiday targeting," stating that "Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends." Neither FBI nor CISA has information about a cyberattack "Coinciding with upcoming holidays and weekends," per the advisory, but the document says cybercriminals may see holidays and weekends as "As attractive timeframes" to "Target potential victims."