CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products
Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory informing industrial organizations that there is a critical flaw in SCADA/HMI products made by Fuji Electric, a Japanese electrical equipment company. This means that some organizations are facing a security threat due to potentially serious vulnerabilities.
SolarWinds Hackers “Impacting” State and Local Governments
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning regarding the impact of the recent SolarWinds Orion software government espionage campaign likely conducted by Russia. The hack consisted of Russian nation-state hackers compromising SolarWinds’s popular Orion software supply chain, effectively installing a backdoor into hundreds of high profile
CISA Warns About Iran’s Offensive Cyber Capabilities
The CISA recently issued a warning centered on the capabilities of Iranian hackers, advising companies to stay alert in terms of detecting suspicious activity. The alert states that Iran continues to engage in more conventional offensive cyber activities, such as website defacement, distributed denial of service attacks, information theft, destructive
The NSA Warns That Russia Is Attacking Remote Work Platforms
The COVID-19 pandemic has created a massive movement towards working from home, inadvertently also creating more opportunities for hackers. The National Security Agency (NSA) released an advisory warning that Russian-state sponsored hackers have been actively attacking a vulnerability in remote-work platforms developed by VMware. The agency also released a security
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning of persistent cyberattacks targeting US think-tanks, with the goal of stealing intellectual property. The two agencies stated that they have witnessed an uptick in cyberattacks intentionally targeting think tanks, utilizing phishing and VPN exploit
Zerologon Attacks Against Microsoft DCs Snowball in a Week
Last week, the first active exploits of the Microsoft Zerologon vulnerability (CVE-2020-1472) were flagged. Now, just over a week later, threat actors are leveraging the bug to attempt to take over Active Directory identity services as security researchers observe a massive spike in the bug’s exploitation attempts. Researchers at Cisco
FBI says hackers want to stoke doubt about the 2020 election
Misinformation campaigns have plagued the US Presidental Elections for years, and on Monday the FBI and Cybersecurity and Infrastructure Agency (CISA) warned the public about the potential of foreign-produced disinformation aiming to cast doubt about the legitimacy of the upcoming election. Foreign actors may be trying to spread false claims
Federal Agency Compromised by Malicious Cyber Actor
The Cybersecurity and Infrastructure Security Agency (CISA) released an analysis report yesterday detailing a recent cyberattack on a federal agency’s network that was achieved through leveraging compromised employee credentials. The cyberattacker was then able to drop harmful and sophisticated malware onto the agency’s system. This malware was able to effectively
FBI and CISA Alert: Foreign Actors and Cybercriminals Likely to Spread Disinformation Regarding 2020 Election Results
Earlier this week, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued an announcement to alert the public to the potential threat of foreign interference in reporting 2020 election results and disinformation campaigns. According to the government agencies, foreign actors and cybercriminals may create or alter websites, and share
Agencies Must Patch Zerologon Bug by Monday says US CISA
Earlier this week, the US Department of Homeland Security issued an emergency directive that calls for all civilian government agencies to patch a Windows vulnerability that has been categorized as high-risk. The bug, CVE-2020-1472, is a new form of a privilege bug that occurs when an attacker uses the Netlogon