CISA Archives - Page 5 of 6

DHS issues new emergency guidance on SolarWinds Orion Code compromise

Cybersecurity Articles, Cybersecurity Attacks, Data Breach, Security Updates & Patches, Third-Party Security / Frank Crast / December 30, 2020 / CISA, CVE-2020-10148, DHS, malware, SolarWinds, Sunburst, Supernova, Zero-day

The Department of Homeland Security (DHS) has issued new emergency guidance on the SolarWinds Orion Code compromise and supply chain vulnerability.

DHS issues new emergency guidance on SolarWinds Orion Code compromise Read More »

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

Cloud Security, Configuration Management, Cybersecurity Attacks, Data Breach, Malware, Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / December 19, 2020 / APT, CISA, Cisco, Emergency Directive, Equifax, FireEye, Microsoft, NNSA, NSA, Nuclear, SolarWinds, Sunburst, Supply Chain, Symantec, Teardrop, UNC2452

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated) Read More »

Hackers target 50K vulnerable Fortinet devices to steal passwords

Cybersecurity Attacks, Network Security, Password Management, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 27, 2020 / CISA, CVE-2018-13379, Fortinet, FortiOS, VPN

Cybersecurity experts are warning hackers are targeting nearly 50,000 vulnerable unpatched Fortinet VPNs to steal passwords.

Hackers target 50K vulnerable Fortinet devices to steal passwords Read More »

Ryuk ransomware and Trickbot operators target U.S. hospitals and healthcare providers

Cybersecurity Attacks, Malware / Frank Crast / October 29, 2020 / banking, CISA, COVID-19, Emotet, FBI, healthcare, HHS, HPH, Ransomware, Ryuk, Trickbot, Trojan

According to U.S. government cybersecurity experts, Ryuk ransomware and Trickbot operators are targeting U.S. hospitals and healthcare providers.

Ryuk ransomware and Trickbot operators target U.S. hospitals and healthcare providers Read More »

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / October 10, 2020 / BIG-IP, CISA, Citrix, CVE-2018-13379, CVE-2019-11510, CVE-2019-19781, CVE-2020-1472, CVE-2020-15505, CVE-2020-2021, CVE-2020-5902, F5, FortiGuard, FortiOS, MobileIron, Netscaler, Palo Alto Networks, Pulse Secure, Zerologon

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations Read More »

SlothfulMedia: new malware variant used by “sophisticated actors”

Malware / Frank Crast / October 2, 2020 / C2, CISA, CNMF, DOD, mediaplayer, RAT, SlothfulMedia

Security experts warned of a new malware variant dubbed SlothfulMedia has been used by a “sophisticated cyber actor.”

SlothfulMedia: new malware variant used by “sophisticated actors” Read More »

BeagleBoyz cybercriminals launch “FASTCash 2.0” to rob banks

Cybersecurity Articles, Cybersecurity Attacks, Malware, Network Security, Security Monitoring, System Hardening / Frank Crast / August 29, 2020 / ATM, banking, BeagleBoyz, CISA, CROWDEDFLOUNDER, EccentricBandwagon, ElectricFish, FASTCash, FBI, Finance, HOPLIGHT, IOC, Treasury

North Korea’s BeagleBoyz cybercriminals have launched an automated teller machine (ATM) cash-out scheme, known as FASTCash 2.0. Cyber experts from the U.S. government have detected the cyber activity over the past five years that led to nearly $2B loss to financial institutions around the world.

BeagleBoyz cybercriminals launch “FASTCash 2.0” to rob banks Read More »

QSnatch malware targets QNAP NAS devices

Cybersecurity Attacks, Internet of Things (IoT), Malware, Vulnerabilities & Exploits / Frank Crast / July 27, 2020 / CISA, NAS, NCSC, QNAP, QSnatch, storage

Cyber criminals are using QSnatch malware to target vulnerable QNAP Network Attached Storage (NAS) devices.

QSnatch malware targets QNAP NAS devices Read More »

FBI and CISA warning of Chinese targeting COVID-19 research organizations

Cybersecurity Attacks, Password Management, Vulnerabilities & Exploits / Frank Crast / May 15, 2020 / CISA, Coronavirus, COVID-19, DHS, FBI, healthcare, Medical

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning of likely targeting and compromise of U.S. COVID-19 research organizations by the People’s Republic of China (PRC).

FBI and CISA warning of Chinese targeting COVID-19 research organizations Read More »

Alert: Threat actors continue to exploit patched Pulse Secure VPN devices

Identity & Access Management, Network Security, Password Management, Vulnerabilities & Exploits / Frank Crast / April 17, 2020 / Active Directory, CISA, CVE-2019-11510, DHS, Juniper, passwords, Pulse Secure, VPN

Organizations that are running Pulse Security VPN devices may still be at risk of being exploited, even if previously patched, according to a new Department of Homeland Security (DHS) advisory. The risk is elevated if an actor previously exploited CVE-2019-11510 and stole AD credentials from the victim organization.

Alert: Threat actors continue to exploit patched Pulse Secure VPN devices Read More »