Security News
The U.S. Cybersecurity and Infrastructure Security Agency today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy platform. Working in collaboration with bug bounty platform Bugcrowd and government technology contractor Endyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch agencies identify and address vulnerabilities in critical systems.
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The MITRE ATT&CK knowledge base of adversary tactics and techniques is widely used by security teams, but recent studies cited by CISA showed that many cybersecurity professionals don't use it to its full potential.
An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.
The United States Cybersecurity and Infrastructure Security Agency has published guidance detailing the steps that organizations affected by the SolarWinds attack should take to ensure they evict the attackers from compromised environments. Tailored for federal agencies that used affected versions of SolarWinds Orion and which discovered adversary activity within their environments, the newly published analysis report, AR21-134A, details resource-intensive and highly complex steps that will require disconnecting the enterprise network from the internet for three to five days.
The U.S. Cybersecurity and Infrastructure Security Agency has published an analysis of the FiveHands ransomware, roughly one week after FireEye's Mandiant security researchers reported seeing the malware in recent attacks. Written in C++, the FiveHands ransomware appears to be the successor of DeathRansom, based on code similarities between the two.
In a letter to the United States House Committee on Appropriations, two members of the Cyberspace Solarium Commission are asking for an increase in funding for the Cybersecurity and Infrastructure Security Agency in fiscal year 2022. Representatives Jim Langevin and Mike Gallagher are pressing for an allocation increase of at least $400 million to the Homeland Security Subcommittee to support CISA's budget, arguing that the funding is necessary to ensure timely implementation of "key authorities Congress just passed to strengthen CISA."
The U.S. Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, and the Federal Bureau of Investigation on Monday published a new joint advisory as part of their latest attempts to expose the tactics, techniques, and procedures adopted by the Russian Foreign Intelligence Service in its attacks targeting U.S. and foreign entities. By employing "stealthy intrusion tradecraft within compromised networks," the intelligence agencies said, "the SVR activity - which includes the recent SolarWinds Orion supply chain compromise - primarily targets government networks, think tank and policy analysis organizations, and information technology companies and seeks to gather intelligence information."
Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics - including a penchant for using a naughtily named email provider. APT29 is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.
The software supply chain is part of the information and communications technology supply chain framework, which represents "The network of retailers, distributors, and suppliers that participate in the sale, delivery, and production of hardware, software, and managed services," CISA and NIST explain. Aside from the SolarWinds incident, other notorious supply chain attacks over the past several years include the CCleaner malware campaign, the MeDoc compromise leading to NotPetya, Operation ShadowHammer, the infection of IoT devices running Windows 7, and the abuse of Kaspersky Lab software to steal NSA files.
The US Cybersecurity and Infrastructure Security Agency has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure VPN appliances on their networks by Friday. CISA issued the Emergency Directive 21-03 Tuesday after Pulse Secure confirmed a FireEye report saying that at least two state-backed threat groups exploited the bug to breach government and defense organizations in the US and across the globe.