Unnamed Federal Agency Compromised by Malicious Cyber Actor
The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. Keep Reading
Election Security
FBI, CISA: Cyber Threats to Voting Process Could Slow But Not Prevent Voting
The FBI and CISA have not identified any incidents, to date, capable of preventing Americans from voting or changing vote tallies for the 2020 Elections. Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated. Keep Reading
CISA Issues Alert on LokiBot Malware
LokiBot uses a credential- and information-stealing malware, often sent as a malicious attachment and known for being simple, yet effective, making it an attractive tool for a broad range of cyber actors. Keep Reading
Election Security
FBI, CISA Warn Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
Intent is to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions. Keep Reading
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered. Keep Reading
Samba Releases Security Update for CVE-2020-1472
The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. Keep Reading
CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol
An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Keep Reading
Wray Details FBI Strategy to ‘Impose Risk and Consequences on Cyber Adversaries’
Wray that relationships with other federal agencies, other nations, and the private sector will be critical to the strategy as the FBI will "not only pursue our own actions," but "enable our partners to defend networks, attribute malicious activity, sanction bad behavior, and take the fight to our adversaries overseas." Keep Reading
Chinese Government-Affiliated Malicious Cyber Actors Targeting U.S. Government Agencies
The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. Keep Reading
Election Security
CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities
Malicious cyber actors have been known to use sophisticated phishing operations to target political parties and campaigns, think tanks, civic organizations, and associated individuals. Keep Reading
State of the Homeland Address: Wolf Focuses on ‘Operational Flexibility,’ Protest Response
He criticized "a vocal and ill-informed minority" that "has clamored to paint recent DHS actions as examples of mission drift." Keep Reading
DoS and DDoS Attacks Against Multiple Sectors
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. Keep Reading
National Preparedness Month
DHS Prep for EMP Includes Upcoming FEMA Exercise, Possible Program Office
"As funding becomes available" S&T, in coordination with CISA, will conduct vulnerability testing for electromagnetic pulse. Keep Reading
CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies
This BOD is part of CISA’s agency-wide priority to make 2020 the “year of vulnerability management,” with a particular focus on making vulnerability disclosure to the civilian executive branch easier for the public. Keep Reading
Five Eyes Countries Release Joint Guidance for Spotting, Responding to Malicious Cyber Activity
The guide covers technical approaches to uncover malicious activity, recommended artifact and information collection, common mistakes in incident handling, mitigation measures, and general recommendations and best practices prior to an incident. Keep Reading
Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software
A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild. Keep Reading
Insider Threat Month
National Insider Threat Awareness Month 2020: Resilience
September is National Insider Threat Awareness Month (NIATM), which is a collaborative effort that will focus on “Resilience” by promoting personal and organizational resilience to mitigate risks posed by insider threats. Keep Reading
Brian Harrell Joins AVANGRID as Company’s VP and Chief Security Officer
Harrell was assistant director for infrastructure at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency when he submitted his resignation to President Trump on Aug. 20 Keep Reading
CISA, Treasury, FBI and USCYBERCOM Release Cyber Alert on Latest North Korea Bank Robbing Scheme
The joint alert provides important, new details about the resumption of a North Korean cyber-enabled bank robbery scheme targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash outs. Keep Reading
CISA’s John Felker Announces Retirement
John Felker, an instrumental player in building the Cybersecurity and Infrastructure Security Agency (CISA) mission, has announced that he plans to retire on September 25. Keep Reading