Security News

Threat actors are expected to launch disinformation campaigns targeting the results of the 2020 elections in the United States, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in an alert this week. Spreading disinformation on the results of the elections represents a threat to the credibility of the electoral process, meant to undermine confidence in the democratic institutions in the United States, the alert reads.

If you had any doubts about the criticality of the Zerologon vulnerability affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency has issued on Friday an emergency directive instructing federal agencies to "Immediately apply the Windows Server August 2020 security update to all domain controllers" - and to do so by the end of Monday. "If affected domain controllers cannot be updated, ensure they are removed from the network," CISA advised.

The U.S. Cybersecurity and Infrastructure Security Agency has been named a Top-Level Root CVE Numbering Authority and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems and medical devices. A Top-Level Root CNA can not only assign CVEs, but it's also tasked with managing CNAs in a specific domain or community.

The U.S. Cybersecurity and Infrastructure Security Agency this week released a malware analysis report detailing web shells employed by Iranian hackers. Web shells provide the hackers with the ability to execute code on the victim systems, enumerate directories, deploy additional payloads, steal data, and navigate the victim network.

The US Cybersecurity and Infrastructure Security Agency issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese -affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has published details on its strategy for the secure deployment of 5G networks within the country. Last year, over 30 countries developed The Prague Proposals, a document that identifies recommendations on 5G roll-out, which the US used to develop the National Strategy to Secure 5G, a document that details the manner in which the U.S. will secure 5G infrastructure domestically and abroad. CISA's own 5G strategy aligns with this document, providing information on five strategic initiatives aimed at ensuring that secure and resilient 5G infrastructure is being deployed.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued an alert to warn of a voice phishing campaign targeting the employees of multiple organizations. According to the two agencies, the attackers used social media, recruiter and marketing tools, open-source research, and publicly available background check services to harvest information on employees at the targeted organizations, including their names, addresses, and phone numbers, along with information on their position and duration at the company.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency on Thursday issued a joint alert to warn about the growing threat from voice phishing or "Vishing" attacks targeting companies. "In mid-July 2020, cybercriminals started a vishing campaign-gaining access to employee tools at multiple companies with indiscriminate targeting - with the end goal of monetizing the access."

The indiscriminate use of destructive exploits in NotPetya networks and halted operations) revealed to security professionals just how poor the cyber risk posture of their OT networks is and prompted swift actions in many of the largest companies. For years now, the government has been warning openly and clearly that: "Since at least March 2016, Russian government cyber actors-hereafter referred to as 'threat actors'-targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors." A new alert, issued by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency, couldn't be more clear: "We are in a state of heightened tensions and additional risk and exposure."

The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan. Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.