Security News

The Cybersecurity and Infrastructure Security Agency warned critical infrastructure organizations today to strengthen their cybersecurity defenses against potential and ongoing threats. "In the lead up to the holidays and in light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential malicious cyber attacks," the cybersecurity agency said [PDF].

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch systems against the critical Log4Shell vulnerability and released mitigation guidance in response to active exploitation. CISA has now created a dedicated page with technical details about the Apache Log4j logging library flaw and patching information for vendors and impacted organizations.

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed "Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.

Each agency has its own operational and technology teams that are not under the direct control of CISA - and that's where the CISA directives come in. A CISA directive is intended to compel tech teams at federal agencies to take certain actions that CISA deems necessary to ensure safe cybersecurity operations.

The Iranian APT has been exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021, according to the alert. In keeping with what CISA described on Wednesday, MSTIC has seen the Iran-linked Phosphorous group - aka a number of names, including Charming Kitten, TA453, APT35, Ajax Security Team, NewsBeef and Newscaster - globally target the Exchange and Fortinet flaws "With the intent of deploying ransomware on vulnerable networks."

The Cybersecurity and Infrastructure Security Agency has released new cybersecurity response plans for federal civilian executive branch agencies.The playbooks standardize the response process and aim to reduce associated risks across the federal government, private and public sectors.

Researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against System-on-a-Chip security bugs impacting multiple vendors, including Intel, Qualcomm, Texas Instruments, and Cypress. CISA warned vendors Thursday to patch these vulnerabilities after the security researchers released the proof of concept tool to test Bluetooth devices against BrakTooth exploits.

CISA has issued this year's first binding operational directive ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline. "BIG step forward today in protecting Federal Civilian Networks-Binding Operational Directive 22-01 establishes timeframes for mitigation of known exploited vulnerabilities and requires improvements in vulnerability management programs," said CISA Director Jen Easterly.

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure. The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

Discourse - the ultra-popular, widely deployed open-source community forum and mailing list management platform - has a critical remote code-execution bug that was fixed in an urgent update on Friday. Discourse is widely used and wildly popular, being known for topping competing forum software platforms in terms of usability.