You are here

Home » Cybersecurity

Cybersecurity

FBI Portal Suffers Compromise

The notion that every organization is vulnerable to a cyber attack gained further credence this weekend when the FBI suffered a breach to one of its email servers. On Friday, a threat actor exploited a software vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP), which is used for communication with state and local law enforcement partners, disseminating over 100,000 fraudulent emails. The adversary discovered the misconfiguration in the LEEP portal’s registration process, allowing them to send out emails from an fbi.gov address.

Threat Actor Provided APT and Ransomware Gangs Initial Access to Australian Businesses, according to BlackBerry Report

A recent report from security researchers at Blackberry has discovered an initial access broker, identified as Zebra2104, with links to cyber criminal groups and advanced persistent threat (APT) actors involved in ransomware and phishing activities. The report notes that after Zebra2104 gained initial access to a victim’s device or network and established a reliable backdoor into the network. The actor then advertised their access to these compromised systems on the Dark Web. Zebra2104 provided access to ransomware groups such as MountLocker and Phobos as well as the StrongPity APT.

Threat Actor Exploiting ZOHO ManageEngine ADSelfService Plus

Security researchers at Palo Alto Unit 42 and Microsoft have uncovered an unknown threat actor, tracked as DEV-0322, compromising systems using the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. The threat actor has successfully compromised at least nine global organizations in the energy and defense sectors, among others.

Microsoft Exchange ProxyShell Exploits Used to Deploy Babuk Ransomware

Microsoft Exchange ProxyShell vulnerabilities are once again being exploited by threat actors to conduct ransomware attacks. Recently, researchers at Cisco Talos have observed a campaign of Babuk ransomware targeting victims via vulnerabilities in their Microsoft Exchange servers. The unknown threat actor, who researchers label “Tortilla,” has infected systems worldwide but has predominantly attacked U.S.-based entities. Typically, a Babuk ransomware attack begins with a DLL, or .NET executable loaded on the Exchange server via the ProxyShell vulnerability.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - November 4, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

CISA Issues Binding Operational Directive (BOD) 22-01 to Address Known Exploited Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities. The intent of the BOD is to address the remediation of vulnerabilities which are being actively exploited by adversaries. CISA has also created a public catalog of pertinent vulnerabilities. The catalog will be updated regularly and members are encouraged to register to receive notification when new vulnerabilities are added.

Security Awareness – Phishing Scams Targeting Smartphones Impacting Energy Sector

Researchers at the cybersecurity firm Lookout have observed a notable uptick in mobile phishing attacks over the past year, specifically in the energy sector. Since the second half of last year, “there’s been a 161 [percent] increase in mobile phishing attacks targeting the energy sector,” and the energy sector accounts for around 17 percent of all mobile phishing attacks globally. The possibility of energy providers being compromised, and services rendered non-operational represents a risk across the critical infrastructure community because of cross-sector reliance on power.

Pages

Subscribe to Cybersecurity