Security News

The Cybersecurity and Infrastructure Security Agency has released a new tool to detect post-compromise malicious activity associated with the SolarWinds hackers in on-premises enterprise environments. CISA Hunt and Incident Response Program, the new forensics collection tool, is a Python-based tool that helps detect SolarWinds malicious activity IOCs on Windows operating systems.

Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware.

CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. "At this point in time, there are no federal civilian agencies that are confirmed to be compromised by this campaign," Eric Goldstein, CISA executive assistant director for cybersecurity, said in a testimony before the Homeland Security Subcommittee.

F5 Networks is warning users to patch four critical remote command execution flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. The company released an advisory, Wednesday, on seven bugs in total, with two others rated as high risk and one rated as medium risk, respectively.

GOV top-level domain as its new policy and management authority starting next month. GOV top-level domain and makes such domains available to US government organizations, from local municipalities to federal agencies.

Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive warning of "Active exploitation" of the vulnerabilities. The alert comes on the heels of Microsoft's disclosure that China-based hackers were exploiting unknown software bugs in Exchange server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors.

"CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," reads the March 3 alert. "With organizations migrating to Microsoft Office 365 en masse over the last few years, it's easy to forget that on-premises Exchange servers are still in service," Saryu Nayyar, CEO, Gurucul, said via email.

The U.S. Cybersecurity and Infrastructure Security Agency says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds. "While the supply chain compromise of SolarWinds first highlighted the significance of this cyber incident, our response has identified the use of multiple additional initial infection vectors. We have found that significant numbers of both the private-sector and government victims linked to this campaign had no direct connection to SolarWinds," a CISA spokesperson told SecurityWeek.

Companies are most vulnerable when employees work from home or use a combination of company and personal devices.

The U.S. Cybersecurity and Infrastructure Security Agency this week released an advisory to inform industrial organizations that some SCADA/HMI products made by Japanese electrical equipment company Fuji Electric are affected by potentially serious vulnerabilities. The vulnerabilities, reported to Fuji Electric by various researchers through Trend Micro's Zero Day Initiative and CISA, have been described as buffer overflow, out-of-bounds read/write and uninitialized pointer issues that can be exploited for arbitrary code execution.