Security News

Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns that have been ramping up since August, the Cybersecurity and Infrastructure Security Agency said in an alert published today. Since August, the two organizations "Have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails."

DDoS attacks would either slow down election-related public-facing websites or render them inaccessible, thus preventing voters from staying updated with voting information or from accessing voting results. "The public should be aware that if foreign actors or cyber criminals were able to successfully conduct DDoS attacks against election infrastructure, the underlying data and internal systems would remain uncompromised, and anyone eligible to vote would still be able to cast a ballot," the FBI and CISA note.

Threat actors are expected to spread false information regarding hacked voter information and voting systems, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency say in an alert. At the time, the agencies noted that disinformation campaigns might leverage websites, social media, and other venues to disseminate false information about voter suppression, cyber-attacks on election infrastructure, fraud, and other issues.

The U.S. Cybersecurity and Infrastructure Security Agency has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the Microsoft Windows Netlogon Remote Protocol. The vulnerability allows an unauthenticated attacker connected to a domain controller using Netlogon to gain domain administrator access.

A threat actor was able to compromise the network of a federal agency and create a reverse proxy and install malware, the Cybersecurity and Infrastructure Security Agency reported on Thursday. Following initial access, the threat actor started gathering information of interest from email accounts, enumerated the Active Directory and Group Policy key, modified a registry key for the Group Policy, and enumerated compromised systems.

The U.S. Cybersecurity and Infrastructure Security Agency is warning that the LokiBot info-stealing trojan is seeing a surge across the enterprise landscape. LokiBot targets Windows and Android endpoints, and spreads mainly through email.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of a significant increase in the use of LokiBot malware over the past couple of months. Initially detailed in 2016 as a piece of malware targeting Android devices, LokiBot arrived on Windows in 2018 and has evolved into a prevalent threat, targeting corporate mailboxes and employing innovative distribution methods.

Threat actors are expected to launch disinformation campaigns targeting the results of the 2020 elections in the United States, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said in an alert this week. Spreading disinformation on the results of the elections represents a threat to the credibility of the electoral process, meant to undermine confidence in the democratic institutions in the United States, the alert reads.

If you had any doubts about the criticality of the Zerologon vulnerability affecting Windows Server, here is a confirmation: the US Cybersecurity and Infrastructure Security Agency has issued on Friday an emergency directive instructing federal agencies to "Immediately apply the Windows Server August 2020 security update to all domain controllers" - and to do so by the end of Monday. "If affected domain controllers cannot be updated, ensure they are removed from the network," CISA advised.

The U.S. Cybersecurity and Infrastructure Security Agency has been named a Top-Level Root CVE Numbering Authority and it will be overseeing CNAs that assign CVE identifiers for vulnerabilities in industrial control systems and medical devices. A Top-Level Root CNA can not only assign CVEs, but it's also tasked with managing CNAs in a specific domain or community.