Security News

The U.S. Cybersecurity and Infrastructure Security Agency this week released a malware analysis report detailing web shells employed by Iranian hackers. Web shells provide the hackers with the ability to execute code on the victim systems, enumerate directories, deploy additional payloads, steal data, and navigate the victim network.

The US Cybersecurity and Infrastructure Security Agency issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese -affiliated cyber threat actors operating from the People's Republic of China using commercially available information sources and open-source exploitation tools to target US Government agency networks," the cybersecurity agency said.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has published details on its strategy for the secure deployment of 5G networks within the country. Last year, over 30 countries developed The Prague Proposals, a document that identifies recommendations on 5G roll-out, which the US used to develop the National Strategy to Secure 5G, a document that details the manner in which the U.S. will secure 5G infrastructure domestically and abroad. CISA's own 5G strategy aligns with this document, providing information on five strategic initiatives aimed at ensuring that secure and resilient 5G infrastructure is being deployed.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued an alert to warn of a voice phishing campaign targeting the employees of multiple organizations. According to the two agencies, the attackers used social media, recruiter and marketing tools, open-source research, and publicly available background check services to harvest information on employees at the targeted organizations, including their names, addresses, and phone numbers, along with information on their position and duration at the company.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency on Thursday issued a joint alert to warn about the growing threat from voice phishing or "Vishing" attacks targeting companies. "In mid-July 2020, cybercriminals started a vishing campaign-gaining access to employee tools at multiple companies with indiscriminate targeting - with the end goal of monetizing the access."

The indiscriminate use of destructive exploits in NotPetya networks and halted operations) revealed to security professionals just how poor the cyber risk posture of their OT networks is and prompted swift actions in many of the largest companies. For years now, the government has been warning openly and clearly that: "Since at least March 2016, Russian government cyber actors-hereafter referred to as 'threat actors'-targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors." A new alert, issued by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency, couldn't be more clear: "We are in a state of heightened tensions and additional risk and exposure."

The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan. Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.

The U.S. Cybersecurity and Infrastructure Security Agency issued an alert on Friday to warn organizations about the risk posed by a recently patched vulnerability affecting F5 Networks' BIG-IP application delivery controller. The critical security hole, identified as CVE-2020-5902, allows an attacker with access to the product's Traffic Management User Interface configuration utility to obtain credentials and other sensitive data, intercept traffic, and execute arbitrary code or commands, resulting in the system getting completely compromised.

The U.S. National Security Agency and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have issued a joint alert urging critical infrastructure operators to take immediate measures to reduce the exposure of operational technology systems to cyberattacks. The NSA and CISA say it's imperative that critical infrastructure asset owners and operators secure industrial control systems and other OT systems due to the high risk of cyberattacks launched by foreign threat actors.

The Cybersecurity and Infrastructure Security Agency announced the addition of two leading cybersecurity experts to support the agency's COVID-19 response efforts. Corman and Arnold were both hired using authorities granted under the CARES Act, which allows agencies to hire staff to temporarily support the COVID-19 response.