The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: CISA

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

October 05, 2022Ravie Lakshmanan
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit called  Impacket  to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities  said . The  joint advisory , which was authored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), said the adversaries likely had long-term access to the compromised environment. The findings are the result of CISA's incident response efforts in collaboration with a trusted third-party security firm from November 2021 through January 20
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

October 04, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks." This  involves  carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premise
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

September 23, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice. The  critical vulnerability , tracked as  CVE-2022-35405 , is rated 9.8 out of 10 for severity on the CVSS scoring system, and was patched by Zoho as part of updates released on June 24, 2022. Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company  said  it addressed the issue by removing the vulnerable components that could lead to the remote execution of arbitrary code. Zoho has also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers move
Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

September 21, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency  said  in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which  said  the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU  is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into consid
Warning: PyPI Feature Executes Code Automatically After Python Package Download

Warning: PyPI Feature Executes Code Automatically After Python Package Download

September 02, 2022Ravie Lakshmanan
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb  said  in a technical report published this week. "Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates." One of the ways by which packages can be installed for Python is by executing the " pip install " command, which, in turn, invokes a file called "setup.py" that comes bundled along with the module. "setup.py," as the name implies, is a  setup script  that's used to specify metadata associated wit
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

August 29, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its  Known Exploited Vulnerabilities (KEV) Catalog , including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as  CVE-2021-38406  (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution. "Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution," CISA said in an alert. It's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory  published  in September 2021. However, there are no patches that address the vulnerability, with CISA noting that the "impacted product is end-of-life and shoul
CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

August 23, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a security flaw impacting Palo Alto Networks PAN-OS to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The high-severity vulnerability, tracked as  CVE-2022-0028  (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks. "If exploited, this issue would not impact the confidentiality, integrity, or availability of our products," Palo Alto Networks said in an alert. "However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. The weakness impacts the following product versions and has been addressed as part of updates released this month - PAN-OS 10.2 (version < 10.2.2-h2) PAN-OS 10.1 (version < 10.1.6-h6) PAN-O
CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

August 20, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a  critical SAP security flaw  to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The issue in question is  CVE-2022-22536 , which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022. Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions - SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87) SAP Content Server (Version - 7.53) SAP NetWeaver and ABAP Platform (Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49) "An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim
CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

August 05, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its  Known Exploited Vulnerabilities Catalog , citing  evidence of active exploitation . The issue in question is  CVE-2022-27924  (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information. "Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said. Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances. The issue was  disclosed  by SonarSource in June, with  patches  released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1. CISA hasn
CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks

CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks

July 30, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  added  the recently disclosed Atlassian security flaw to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The vulnerability, tracked as  CVE-2022-26138 , concerns the use of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Data Center instances. "A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group," CISA  notes  in its advisory. Depending on the page restrictions and the information a company has in Confluence, successful exploitation of the shortcoming could lead to the disclosure of sensitive information. Although the bug was addressed by the Australian software company last week in versions 2.7.38 and 3.0.5, it has since come under active exploitation , cybersecurity firm Rapid7 disclosed this week. &qu
North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

July 07, 2022Ravie Lakshmanan
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities  noted . The  alert  comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury. Cybersecurity firm Stairwell, whose findings formed the basis of the advisory, said the lesser-known ransomware family stands out because of a lack of several key features commonly associated with ransomware-as-a-service (RaaS) groups. This includes the absence of "embedded ransom note to provide recov
Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

June 24, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers," the agencies  said . "As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2)." In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data. Log4Shell , tracked as  CVE-2021-44228  (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache
U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

June 08, 2022Ravie Lakshmanan
U.S. cybersecurity and intelligence agencies have  warned  about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the goal of gaining deeper access to victim networks. In addition, the actors used these compromised devices as route command-and-control (C2) traffic to break into other targets at scale, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI)  said  in a joint advisory. The perpetrators, besides shifting their tactics in response to public disclosures, are known to employ a mix of open-source and custom tools for reconnaissance and vulnerability scanning as well as to obscure and ble
CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

June 06, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing ( NGS ) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System ( CVSS ), with two others having severity ratings of 9.1 and 7.4. The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only,"  according to the FDA . "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA  said  in an alert. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the c
CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

May 12, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  the recently disclosed F5 BIG-IP flaw to its  Known Exploited Vulnerabilities Catalog  following reports of  active abuse  in the wild. The flaw, assigned the identifier  CVE-2022-1388  (CVSS score: 9.8), concerns a  critical bug  in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to execute arbitrary system commands. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.ai  said  in a report. "This includes making configuration changes, stealing sensitive information and moving laterally within the target network." Patches and mitigations for the flaw were announced by F5 on May 4, but it has been  subjected  to  in-the-wild   exploitation  over the past week, with attackers attempting to install a web shell that grants backdoor access to the targeted systems. "Due to the ease
SHIELDS UP in bite sized chunks

SHIELDS UP in bite sized chunks

May 09, 2022The Hacker News
Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's been widely adopted by commercial organizations too. In February, CISA responded to the current situation by issuing an unusual " SHIELDS UP! " warning and advisory. According to CISA, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." The announcement from CISA consisted of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to r
U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

April 28, 2022Ravie Lakshmanan
Log4Shell ,  ProxyShell ,  ProxyLogon ,  ZeroLogon , and flaws in  Zoho ManageEngine AD SelfService Plus ,  Atlassian Confluence , and  VMware vSphere Client  emerged as some of the top exploited security vulnerabilities in 2021. That's according to a " Top Routinely Exploited Vulnerabilities " report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server ( CVE-2020-0688 ), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure ( CVE-2019-11510 ), and a path traversal defect in Fortinet FortiOS and FortiProxy ( CVE-2018-13379 ). Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws. "G
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

April 21, 2022Ravie Lakshmanan
The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control an
FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

April 19, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster  TraderTraitor , the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the Web3.0 industry since at least 2020. Targeted organizations include cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The attack chains commence with the threat actor reaching out to victims via different communication platforms to lure them into downloading weaponized cryptocurrency apps for Windows and macOS, subse
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

April 14, 2022Ravie Lakshmanan
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies  said  in an alert. "The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network." The joint federal advisory comes courtesy of the U.S. Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). The custom-made tools are specifically designed to single out Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. On top of that, the unnamed actors
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.