Security News

GOV top-level domain as its new policy and management authority starting next month. GOV top-level domain and makes such domains available to US government organizations, from local municipalities to federal agencies.

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive warning of "Active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were exploiting unknown software bugs in Exchange server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors.

"CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," reads the March 3 alert. "With organizations migrating to Microsoft Office 365 en masse over the last few years, it's easy to forget that on-premises Exchange servers are still in service," Saryu Nayyar, CEO, Gurucul, said via email.

The U.S. Cybersecurity and Infrastructure Security Agency says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. "While the supply chain compromise of SolarWinds first highlighted the significance of this cyber incident, our response has identified the use of multiple additional initial infection vectors. We have found that significant numbers of both the private-sector and government victims linked to this campaign had no direct connection to SolarWinds," a CISA spokesperson told SecurityWeek.

Companies are most vulnerable when employees work from home or use a combination of company and personal devices.

The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities. The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.

In light of successful cyberattacks targeting organizations' cloud services, the U.S. Cybersecurity and Infrastructure Security Agency has published a series of recommendations on how businesses can improve their cloud security. The attacks observed by CISA exploit poor cyber hygiene practices within cloud services configurations, and the agency says the activity is not tied to a specific threat actor or the recent SolarWinds attack.

The US Cybersecurity and Infrastructure Security Agency said today that threat actors bypassed multi-factor authentication authentication protocols to compromise cloud service accounts. While threat actors tried gaining access to some of their targets' cloud assets via brute force attacks, they failed due to their inability to guess the correct credentials or because the attacked organization had MFA authentication enabled.

Following a significant security incident that sent shockwaves through the global cybersecurity community, SolarWinds has hired a newly formed cybersecurity consulting firm founded by Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency and Alex Stamos, former security chief at Facebook and Yahoo. Generically named the Krebs Stamos Group, its website currently shows limited information about the firm, saying its goal is to "Help organizations turn their greatest cybersecurity challenges into triumphs."

The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group, a newly-formed task force put in place by the White House National Security Council to investigate and lead the response efforts to remediate the SolarWinds breach.