Cybersecurity

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

As the holiday season approaches, many are focused on shopping, cooking, and visiting relatives – cybersecurity is often forgotten. Cybercriminals, however, are aware of and regularly leverage these distractions to conduct attacks while our minds are elsewhere. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are making sure stakeholders are aware of the potential risks going into the holiday season, in a newly released advisory.

Incident Notification – New GoDaddy Breach Impacts WordPress Data

Yesterday, GoDaddy filed a report with the Securities and Exchange Commission (SEC) for a security incident it discovered on November 17, 2021. The filing describes the discovery of unauthorized third-party access to their Managed WordPress hosting environment. According to the report, beginning on September 6, 2021 an unauthorized third party leveraged the vulnerability to gain access to the following customer information:

Think Tank Makes Far Reaching Federal Policy Recommendations for Water Sector Cybersecurity

Today, the Foundation for Defense of Democracies (FDD), a think tank aligned with the congressional Cyberspace Solarium Commission, released a research memo recommending a wide range of federal cybersecurity policy changes to improve water and wastewater cybersecurity. The memo, “Poor Cybersecurity Makes Water a Weak Link in Critical Infrastructure,” is expected to be translated into legislation for Congress to consider next year.

Joint Cybersecurity Advisory Regarding Iranian APT – Another Threat Emphasizing the Importance of Patching

The FBI, CISA, ACSC, and NCSC released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group believed to be associated with the government of Iran. Specifically, the FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Security Awareness – Current Phishing Campaign Leverages Fake Outlook Web App

A new phishing scam is using the likeness of Microsoft Outlook Web App to steal credentials. Researchers at Mailguard observed a recent phishing campaign from an unknown group of cyber criminals seeking to gain access to user credentials. The email asks users to ‘validate your account’ by clicking on a nefarious link and entering their password. After clicking the link, victims are directed to a mimicked version of the Outlook Web App login page and asked to provide their username and password.

FBI FLASH: APT Group Exploiting 0-day in FatPipe WARP, MPVPN, and IPVPN Software

The FBI has published a TLP:WHITE FLASH examining the activities of an APT group exploiting a zero-day in FatPipe WARP, MPVPN, and IPVPN software. According to the FLASH, APT actors have been observed exploiting this vulnerability going back to at least May 2021. The vulnerability allowed the threat actors “to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity.” The FLASH includes further technical details regarding this activity and lists recommended mitigations.

The Top Domains that Threat Actors Prefer

Among the thousands of top-level domains (TLDs) available, researchers at Palo Alto Networks have identified the TLDs most widely exploited by threat actors. The researchers discovered threat actors prefer a small group of 25 TLDs, accounting for 90 percent of all malicious websites. Threat actors prefer exploiting .com and .net TLDs because they appear more legitimate to victims and thus improve success rates. The TLDs that spread the most malware include .ga, .xyz, .cf, .tk, .org, and .ml.

CISA Publishes Cybersecurity Incident and Vulnerability Response Playbooks

The Cybersecurity and Infrastructure Security Agency (CISA) just released two playbooks for federal executive branch agencies to serve as guides on how “to respond to vulnerabilities and incidents” impacting their networks. The playbooks provide operational guidelines for planning and conducting cybersecurity incident and vulnerability response activities. Illustrated decision trees and step-by-step instructions for both incident and vulnerability response are also included. The new operational procedures fulfill the directives issued to CISA by the White House’s Executive Order 14028.
