#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

CISA | Breaking Cybersecurity News | The Hacker News

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

Jul 07, 2022
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services," the authorities  noted . The  alert  comes courtesy of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of the Treasury. Cybersecurity firm Stairwell, whose findings formed the basis of the advisory, said the lesser-known ransomware family stands out because of a lack of several key features commonly associated with ransomware-as-a-service (RaaS) groups. This includes the absence of "embedded ransom note to provide recov
Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

Log4Shell Still Being Exploited to Hack VMWare Servers to Exfiltrate Sensitive Data

Jun 24, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and [Unified Access Gateway] servers," the agencies  said . "As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command-and-control (C2)." In one instance, the adversary is said to have been able to move laterally inside the victim network, obtain access to a disaster recovery network, and collect and exfiltrate sensitive law enforcement data. Log4Shell , tracked as  CVE-2021-44228  (CVSS score: 10.0), is a remote code execution vulnerability affecting the Apache
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

U.S. Agencies Warn About Chinese Hackers Targeting Telecoms and Network Service Providers

Jun 08, 2022
U.S. cybersecurity and intelligence agencies have  warned  about China-based state-sponsored cyber actors leveraging network vulnerabilities to exploit public and private sector organizations since at least 2020. The widespread intrusion campaigns aim to exploit publicly identified security flaws in network devices such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices with the goal of gaining deeper access to victim networks. In addition, the actors used these compromised devices as route command-and-control (C2) traffic to break into other targets at scale, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI)  said  in a joint advisory. The perpetrators, besides shifting their tactics in response to public disclosures, are known to employ a mix of open-source and custom tools for reconnaissance and vulnerability scanning as well as to obscure and ble
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

Jun 06, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Food and Drug Administration (FDA) have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing ( NGS ) software. Three of the flaws are rated 10 out of 10 for severity on the Common Vulnerability Scoring System ( CVSS ), with two others having severity ratings of 9.1 and 7.4. The issues impact software in medical devices used for "clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only,"  according to the FDA . "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA  said  in an alert. "An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the c
CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability

May 12, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  the recently disclosed F5 BIG-IP flaw to its  Known Exploited Vulnerabilities Catalog  following reports of  active abuse  in the wild. The flaw, assigned the identifier  CVE-2022-1388  (CVSS score: 9.8), concerns a  critical bug  in the BIG-IP iControl REST endpoint that provides an unauthenticated adversary with a method to execute arbitrary system commands. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.ai  said  in a report. "This includes making configuration changes, stealing sensitive information and moving laterally within the target network." Patches and mitigations for the flaw were announced by F5 on May 4, but it has been  subjected  to  in-the-wild   exploitation  over the past week, with attackers attempting to install a web shell that grants backdoor access to the targeted systems. "Due to the ease
SHIELDS UP in bite sized chunks

SHIELDS UP in bite sized chunks

May 09, 2022
Unless you are living completely off the grid, you know the horrifying war in Ukraine and the related geopolitical tensions have dramatically increased cyberattacks and the threat of even more to come. The Cybersecurity and Infrastructure Security Agency (CISA) provides guidance to US federal agencies in their fight against cybercrime, and the agency's advice has proven so valuable that it's been widely adopted by commercial organizations too. In February, CISA responded to the current situation by issuing an unusual " SHIELDS UP! " warning and advisory. According to CISA, "Every organization—large and small—must be prepared to respond to disruptive cyber incidents." The announcement from CISA consisted of a range of recommendations to help organizations and individuals reduce the likelihood of a successful attack and limit damage in case the worst happens. It also contains general advice for C-level leaders, as well as a tip sheet on how to respond to r
U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

U.S. Cybersecurity Agency Lists 2021's Top 15 Most Exploited Software Vulnerabilities

Apr 28, 2022
Log4Shell ,  ProxyShell ,  ProxyLogon ,  ZeroLogon , and flaws in  Zoho ManageEngine AD SelfService Plus ,  Atlassian Confluence , and  VMware vSphere Client  emerged as some of the top exploited security vulnerabilities in 2021. That's according to a " Top Routinely Exploited Vulnerabilities " report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server ( CVE-2020-0688 ), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure ( CVE-2019-11510 ), and a path traversal defect in Fortinet FortiOS and FortiProxy ( CVE-2018-13379 ). Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws. "G
Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Five Eyes Nations Warn of Russian Cyber Attacks Against Critical Infrastructure

Apr 21, 2022
The Five Eyes nations have released a  joint cybersecurity advisory  warning of increased  malicious attacks  from Russian state-sponsored actors and criminal groups targeting critical infrastructure organizations amidst the ongoing military siege on Ukraine. "Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks," authorities from Australia, Canada, New Zealand, the U.K., and the U.S.  said . "Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as material support provided by the United States and U.S. allies and partners." The  advisory  follows  another alert  from the U.S. government cautioning of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control an
FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies

Apr 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster  TraderTraitor , the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) actor striking entities operating in the Web3.0 industry since at least 2020. Targeted organizations include cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens (NFTs). The attack chains commence with the threat actor reaching out to victims via different communication platforms to lure them into downloading weaponized cryptocurrency apps for Windows and macOS, subse
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware

Apr 14, 2022
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies  said  in an alert. "The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network." The joint federal advisory comes courtesy of the U.S. Department of Energy (DoE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI). The custom-made tools are specifically designed to single out Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. On top of that, the unnamed actors
CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

Apr 05, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its  Known Exploited Vulnerabilities Catalog  based on "evidence of active exploitation." The critical severity flaw, assigned the identifier  CVE-2022-22965  (CVSS score: 9.8) and dubbed "Spring4Shell", impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later. "Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application," Praetorian researchers Anthony Weems and Dallas Kaman noted last week. Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard  said  "active scanning for this vulnerability has been observed coming fro
CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

Mar 30, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DoE) are jointly warning of attacks against internet-connected uninterruptible power supply (UPS) devices by means of default usernames and passwords. "Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet," the agencies  said  in a bulletin published Tuesday. UPS devices, in addition to offering power backups in mission-critical environments, are also equipped with an internet of things (IoT) capability, enabling the administrators to carry out power monitoring and routine maintenance. But as is often the case, such features can also open the door to malicious attacks. To mitigate against such threats, CISA and DoE are advising organizations to enumerate and disconnect all UPS systems from the internet and gate them behind a
FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug

Mar 16, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws. "As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network," the agencies  said . "The actors then exploited a critical Windows Print Spooler vulnerability, 'PrintNightmare' ( CVE-2021-34527 ) to run arbitrary code with system privileges." The attack was pulled off by gaining initial access to the victim organization via compromised credentials – obtained by means of a brute-force password guessing attack – and enrolling a new device in the organization's  Duo MFA .
CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

CISA Adds Another 95 Flaws to its Actively Exploited Vulnerabilities Catalog

Mar 05, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its  Known Exploited Vulnerabilities Catalog , taking the total number of actively exploited vulnerabilities to 478. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," the agency  said  in an advisory published on March 3, 2022. Of the 95 newly added bugs, 38 relate to Cisco vulnerabilities, 27 for Microsoft, 16 for Adobe, seven impact Oracle, and one each corresponding to Apache Tomcat, ChakraCore, Exim, Mozilla Firefox, Linux Kernel, Siemens SIMATIC CP, and Treck TCP/IP stack. Included in the list are five issues discovered in Cisco RV routers, which CISA notes are being exploited in real-world attacks. The flaws, which  came to light  early last month, allow for the execution of arbitrary code with root privileges. Three of the vulnerabilities – CVE-2022-20699, CVE-2022-20
CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

Mar 01, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  expanded  its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as  CVE-2022-24682  (CVSS score: 6.1), the issue concerns a cross-site scripting (XSS) vulnerability in the Calendar feature in Zimbra Collaboration Suite that could be abused by an attacker to trick users into downloading arbitrary JavaScript code simply by clicking a link to exploit URLs in phishing messages. The Known Exploited Vulnerabilities Catalog is a  repository  of security flaws that have been seen abused by threat actors in attacks and that are required to be patched by Federal Civilian Executive Branch (FCEB) agencies. The vulnerability came to light on February 3, 2022, when cybersecurity firm Volexity  identified  a series of targeted spear-phishing campaigns aimed at European government and media entities that leve
CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software

CISA Warns of High-Severity Flaws in Schneider and GE Digital's SCADA Software

Feb 28, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) last week published an industrial control system ( ICS ) advisory related to multiple vulnerabilities impacting Schneider Electric's  Easergy  medium voltage protection relays. "Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay," the agency  said  in a bulletin on February 24, 2022. "This could result in loss of protection to your electrical network." The two high-severity weaknesses impact Easergy P3 versions prior to v30.205 and Easergy P5 versions before v01.401.101. Details of the flaws are as follows – CVE-2022-22722  (CVSS score: 7.5) – Use of hardcoded credentials that could be abused to observe and manipulate traffic associated with the device. CVE-2022-22723  and  CVE-2022-22725  (CVSS score: 8.8) – A buffer overflow vulnerability that could resu
CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

Feb 24, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  warned  of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its  Known Exploited Vulnerabilities Catalog . On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks. Tracked as  CVE-2022-23131  (CVSS score: 9.8) and  CVE-2022-23134  (CVSS score: 5.3), the shortcomings could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. Thomas Chauchefoin from SonarSource has been credited with discovering and reporting the two flaws, which affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18 and 4.0.36. The issues have since been addressed in vers
U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

U.S. Cybersecurity Agency Publishes List of Free Security Tools and Services

Feb 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  published  a repository of free tools and services to enable organizations to mitigate, detect, and respond effectively to malicious attacks and further improve their security posture. The " Free Cybersecurity Services and Tools " resource hub comprises a mix of 101 services provided by CISA, open-source utilities, and other implements offered by private and public sector organizations across the cybersecurity community. "Many organizations, both public and private, are target rich and resource poor," CISA Director, Jen Easterly, said in a statement. "The resources on this list will help such organizations improve their security posture, which is particularly critical in the current heightened threat environment." The tools catalog is the latest in a string of initiatives launched by CISA to combat cyber threats and help organizations adopt foundational measures to maximize re
CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability

CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability

Feb 07, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added  CVE-2022-21882  (CVSS score: 7.0) to the  Known Exploited Vulnerabilities Catalog , necessitating that Federal Civilian Executive Branch (FCEB) agencies patch all systems against this vulnerability by February 18, 2022. "These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise," CISA  said  in an advisory published last week. CVE-2022-21882 , which has been tagged with an "Exploitation More Likely" exploitability index assessment, concerns a case of elevation of privilege vulnerability affecting the Win32k component. The bug was addressed by Microsoft as part of its January 2022  Patch Tu
FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure

Jan 12, 2022
Amid renewed tensions between the U.S. and Russia over  Ukraine  and  Kazakhstan , American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) have laid bare the tactics, techniques, and procedures (TTPs) adopted by the adversaries, including spear-phishing, brute-force, and  exploiting known vulnerabilities  to gain initial access to target networks. The list of flaws exploited by Russian hacking groups to gain an initial foothold, which the agencies said are "common but effective," are below — CVE-2018-13379  (FortiGate VPNs) CVE-2019-1653  (Cisco router) CVE-2019-2725  (Oracle WebLogic Server) CVE-2019-7609  (Kibana) CVE-2019-9670  (Zimbra software) CVE-2019-10149  (Exim Simple Mail Transf
Cybersecurity Resources