Security News

Image: CISA. The Cybersecurity and Infrastructure Security Agency has released a companion Splunk-based dashboard that helps review post-compromise activity in Microsoft Azure Active Directory, Office 365, and Microsoft 365 environments. CISA's new tool, dubbed Aviary, helps security teams visualize and analyze data outputs generated using Sparrow, an open-source PowerShell-based tool for detecting potentially compromised applications and accounts in Azure and Microsoft 365.

The U.S. government is warning that Advanced Persistent Threat actors are exploiting vulnerabilities in Fortinet FortiOS in ongoing attacks targeting commercial, government, and technology services networks. The warning, issued in a joint advisory by FBI and the Cybersecurity and Infrastructure Security Agency, follows the recent release of security patches covering serious security flaws in Fortinet's flagship FortiOS product.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warn of advanced persistent threat actors targeting Fortinet FortiOS servers using multiple exploits. In the Joint Cybersecurity Advisory published today, the agencies warn admins and users that the state-sponsored hacking groups are "Likely" exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days. CISA issued another directive ordering federal agencies to urgently update or disconnect their Exchange on-premises servers after Microsoft released security updates for zero-day bugs collectively dubbed ProxyLogon.

The U.S. Cybersecurity & Infrastructure Security Agency is warning of critical-severity security flaws in GE's Universal Relay family of power management devices. GE's UR devices are the "Basis of simplified power management for the protection of critical assets," according to the company.

The Cybersecurity and Infrastructure Security Agency has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. CISA Hunt and Incident Response Program, the new forensics collection tool, is a Python-based tool that helps detect SolarWinds malicious activity IOCs on Windows operating systems.

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.

CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. "At this point in time, there are no federal civilian agencies that are confirmed to be compromised by this campaign," Eric Goldstein, CISA executive assistant director for cybersecurity, said in a testimony before the Homeland Security Subcommittee.

F5 Networks is warning users to patch four critical remote command execution flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. The company released an advisory, Wednesday, on seven bugs in total, with two others rated as high risk and one rated as medium risk, respectively.

GOV top-level domain as its new policy and management authority starting next month. GOV top-level domain and makes such domains available to US government organizations, from local municipalities to federal agencies.