Security News

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack
2020-12-22 13:47

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. A low-level TCP/IP software library, the Treck TCP/IP stack is specifically designed for embedded systems, featuring small critical sections and a small code footprint.

SolarWinds-related cyberattacks pose grave risk to government and private sector, says CISA
2020-12-18 18:40

State-sponsored hackers who exploited a security hole in a SolarWinds monitoring tool to infiltrate government and business networks have apparently left a long line of victims in their wake. Asserting that this threat "Poses a grave risk" to the federal, state, and local governments as well as to critical infrastructure providers and the private sector, CISA sees the removal of the attackers from compromised networks as a highly complex and challenging endeavor.

Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk'
2020-12-17 18:17

The U.S. government on Thursday added a new wrinkle to the global emergency response to the SolarWinds software supply chain attack, warning there are "Additional initial access vectors" that have not yet been documented. As the incident response and threat hunting world focuses on the SolarWinds Orion products as the initial entry point for the attacks, the Cybersecurity and Infrastructure Security Agency added a note to its advisory to warn of the new information.

FBI, CISA, ODNI Describe Response to SolarWinds Attack
2020-12-17 16:02

The FBI has been tasked with collecting intelligence that can help attribute the attack to a threat actor and disrupt their activities. The agency is also working with victims to obtain information that can be useful to the government and network defenders.

CISA: Hackers breached US govt using more than SolarWinds backdoor
2020-12-17 12:48

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

CISA: APT group behind US govt hacks used multiple access vectors
2020-12-17 12:48

The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.

FBI, CISA officially confirm US govt hacks after SolarWinds breach
2020-12-17 09:39

The compromise of multiple US federal networks following the SolarWinds breach was officially confirmed for the first time in a joint statement released earlier today by the FBI, DHS-CISA, and the Office of the Director of National Intelligence. The National Security Council has established a Cyber Unified Coordination Group following the SolarWinds breach to help the intelligence agencies better coordinate the US government's response efforts surrounding this ongoing espionage campaign.

FBI, CISA and MS-ISAC Warn of Cyberattacks Targeting K-12 Schools
2020-12-11 18:52

Threat actors are targeting K-12 educational institutions in the United States to deploy ransomware, steal data, or disrupt distance learning services. In a joint alert this week, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center warned of continuous attacks targeting K-12 educational institutions.

DHS-CISA urges admins to patch OpenSSL DoS vulnerability
2020-12-09 12:25

U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately. OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.

Think-Tanks Under Attack by Foreign APTs, CISA Warns
2020-12-02 21:21

"Unfortunately, despite some of the conveniences and efficiencies that remote work can provide, it has greatly expanded the attack surface for all businesses, including think-tanks," Banda said. In late October, CISA warned that the North Korean APT group known as Kimsuky is actively attacking think-tanks, commercial-sector businesses and others, often by posing as South Korean reporters.