CISA and FBI Advisory on Darkside Ransomware - Updated July 13, 2021
July 13, 2021
Microsoft identified a new zero-day vulnerability (tracked as CVE-2021-35211) affecting SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP products; this vulnerability is not related to SUNBURST. A threat actor who successfully exploits the Serv-U vulnerability can achieve remote code execution (RCE) and run arbitrary code with privileges on the affected system.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released its Analysis of FY20 Risk and Vulnerability Assessments, along with an infographic that maps findings from 37 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2020 to the MITRE ATT&CK® Framework. The report identifies the attack paths CISA observed to be routinely successful during RVAs conducted across multiple sectors.
Based on its extensive visibility into OT environments, Trend Micro recently released a report highlighting the threats to ICS endpoints. The 2020 Report: ICS Endpoints as Starting Points for Threats describes the security posture of global industrial systems against both known and new threats targeting ICS endpoints. Trend Micro analyzed data from ICS endpoints that are part of the IT/OT network, specifically industrial automation suites and Engineering Workstations.
Microsoft has detected recent limited activity from the threat actor tracked as Nobelium, the group originally responsible for the SolarWinds Orion compromise disclosed in December 2020. According to Microsoft, this recent activity targeted specific customers, primarily IT companies (57%), followed by government (20%). Microsoft is contacting all customers that were compromised or targeted through its nation-state notification process.
Proofpoint BEC Taxonomy Series: Lures and Tasks (Part 5)
So much from MITRE, so little time!! The NSA has announced plans to fund the development of a new MITRE project called D3FEND. The goal of D3FEND is to provide a knowledge base of defensive countermeasures and their relationships to offensive/adversary techniques. D3FEND has a similar look and feel to, and is a complement to, the MITRE ATT&CK® Framework knowledge base of cyber adversary behavior.
With much focus on ransomware in recent weeks, it seems prudent to continue including some of the more notable developments for awareness. Today’s roundup includes threats, incidents, musings, and recent response guidance resources.
Threats
With all of the attention on ransomware lately, we can’t forget about phishing. Given that phishing remains the leading attack vector resulting in compromises, including ransomware, organizations need to continuously review their defense-in-depth strategies to combat it. Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, reviews three key elements of a good phishing defense approach: policies, procedures and documentation; technical defenses; and security awareness training.
From ransomware attacks to analysis of threats, we have more notables on ransomware activity plaguing the threat landscape. Understanding the behaviors and traits of ransomware groups helps us improve our defenses and not be sitting ducks.