Security News

CISA: Disable Windows Print Spooler on servers not used for printing
2021-07-01 16:09

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. "CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.

CISA Adds Ransomware Module to Cyber Security Evaluation Tool
2021-07-01 11:28

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool, namely the Ransomware Readiness Assessment. A Department of Homeland Security product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system networks.

CISA releases new ransomware self-assessment security audit tool
2021-06-30 20:26

The US Cybersecurity and Infrastructure Security Agency has released the Ransomware Readiness Assessment, a new module for its Cyber Security Evaluation Tool. RRA is a security audit self-assessment tool for organizations that want to understand better how well they are equipped to defend against and recover from ransomware attacks targeting their information technology, operational technology, or industrial control system assets.

CISA Warns of Threat Posed by Ransomware to Industrial Systems
2021-06-14 15:38

Following the devastating attack on Colonial Pipeline, the largest refined products pipeline in the United States, the Cybersecurity and Infrastructure Security Agency released a fact sheet focusing on the threat posed by ransomware to operational technology assets and industrial control systems.

CISA selects Bugcrowd and EnDyna to launch its VDP platform
2021-06-08 23:45

The Cybersecurity and Infrastructure Security Agency, a federal agency of the US government, has selected Bugcrowd to launch its first federal civilian enterprise-wide crowdsourced vulnerability disclosure policy platform in support of Binding Operational Directive 20-01. CISA will offer this VDP platform service to Federal Civilian Executive Branch agencies, which will set a new precedent for federal civilian enterprise-wide security.

CISA Announces Vulnerability Disclosure Policy Platform
2021-06-08 13:52

The U.S. Cybersecurity and Infrastructure Security Agency today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy platform. Working in collaboration with bug bounty platform Bugcrowd and government technology contractor EnDyna, CISA introduced its VDP platform to help Federal Civilian Executive Branch agencies identify and address vulnerabilities in critical systems.

CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts
2021-06-03 14:44

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday announced the availability of a new guide for cyber threat intelligence analysts on the use of the MITRE ATT&CK framework. The MITRE ATT&CK knowledge base of adversary tactics and techniques is widely used by security teams, but recent studies cited by CISA showed that many cybersecurity professionals don't use it to its full potential.

CISA-FBI Alert: 350 Organizations Targeted in Attack Abusing Email Marketing Service
2021-05-31 11:07

An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.

CISA: Disconnect Internet for 3-5 Days to Evict SolarWinds Hackers From Network
2021-05-17 14:05

The United States Cybersecurity and Infrastructure Security Agency has published guidance detailing the steps that organizations affected by the SolarWinds attack should take to ensure they evict the attackers from compromised environments. Tailored for federal agencies that used affected versions of SolarWinds Orion and which discovered adversary activity within their environments, the newly published analysis report, AR21-134A, details resource-intensive and highly complex steps that will require disconnecting the enterprise network from the internet for three to five days.

CISA Analyzes FiveHands Ransomware
2021-05-07 14:03

The U.S. Cybersecurity and Infrastructure Security Agency has published an analysis of the FiveHands ransomware, roughly one week after FireEye's Mandiant security researchers reported seeing the malware in recent attacks. Written in C++, the FiveHands ransomware appears to be the successor of DeathRansom, based on code similarities between the two.