Security News

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions. The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

The U.S. Cybersecurity and Infrastructure Security Agency and the National Security Agency have released guidance for hardening the security of virtual private network solutions.The two agencies created the document to help organizations improve their defenses particularly against attacks from nation-state adversaries, who in the past have exploited bugs in VPN systems to "Steal credentials, remotely execute code, weaken encrypted traffic's cryptography, hijack encrypted traffic sessions, and read sensitive data from the device."

CISA, the Federal Bureau of Investigation, and the National Security Agency warned today of an increased number of Conti ransomware attacks targeting US organizations. The three US federal agencies urge enterprise IT admins to review their organizations' network security posture and implement the immediate actions outlined in the joint advisory to defend against Conti ransomware.

The FBI, CISA and the U.S. Coast Guard Cyber Command warned today that state-backed advanced persistent threat actors are likely among those who've been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus platform that can lead to remote code execution and thus open the corporate doors to attackers who can run amok, with free rein across users' Active Directory and cloud accounts.

The FBI, CISA, and the Coast Guard Cyber Command today warned that state-backed advanced persistent threat groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. ManageEngine ADSelfService Plus is an integrated self-service password management and a single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords.

Both Microsoft and federal cybersecurity officials are urging organizations to use mitigations to combat a zero-day remote control execution vulnerability in Windows that allows attackers to craft malicious Microsoft Office documents. Microsoft has not revealed much about the MSHTML bug, tracked as CVE-2021-40444, beyond that it is "Aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," according to an advisory released Tuesday.

On Tuesday, the FBI and CISA released an advisory, warning organizations to "Remain vigilant" to cybersecurity threats heading toward the holiday weekend. The federal advisory makes note of "Recent holiday targeting," stating that "Cyber actors have conducted increasingly impactful attacks against U.S. entities on or around holiday weekends." Neither FBI nor CISA has information about a cyberattack "Coinciding with upcoming holidays and weekends," per the advisory, but the document says cybercriminals may see holidays and weekends as "As attractive timeframes" to "Target potential victims."

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added single-factor authentication to the short list of "Exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. With the latest development, the list of bad practices now encompasses -.

The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.While the FBI and CISA do not have any info regarding potential attacks within upcoming holidays and weekends, they gave as examples the attacks on the networks of Colonial Pipeline, JBS, and Kaseya.