US CERT

CISA Adds One Known Exploited Vulnerability in Microsoft SharePoint Server to Catalog

The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.

CISA Adds Three Known Exploited Vulnerabilities to its Catalog

This includes CVE-2023-48788 in Fortinet FortiClient EMS, CVE-2021-44529 in Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA), and CVE-2019-7256 in Nice Linear eMerge E3-Series.

US Agencies Warn of ALPHV/Blackcat Ransomware Threat to Healthcare Providers

ALPHV/Blackcat ransomware affiliates use advanced social engineering techniques and open-source research to gain initial access to victim networks, posing as IT or helpdesk staff to obtain credentials.

Russian SVR-Linked APT29 Threat Actors Adapt Their Tactics for Initial Cloud Access

The Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT29 or Cozy Bear, have shifted their tactics to target cloud environments as organizations increasingly move to cloud-based infrastructure.

CISA Partners with OpenSSF to Release Principles for Package Repository Security Framework

This initiative aligns with CISA's Open Source Software Security Roadmap's objective of collaborating with relevant working groups to develop security principles for package managers.

Chinese State-Sponsored Actors Compromised and Maintained Persistent Access to U.S. Critical Infrastructure for Five Years

Volt Typhoon's tactics involve extensive pre-compromise reconnaissance, targeting of public-facing network appliances, exploitation of vulnerabilities, and use of living off the land (LOTL) techniques to maintain long-term undiscovered persistence.

US Agencies Warn of Androxgh0st Malware Botnet Stealing AWS, Microsoft Credentials

Organizations are advised to implement mitigations such as keeping systems updated, securing cloud credentials, and scanning for unrecognized PHP files to reduce the risk of Androxgh0st infections.

FBI, CISA, and ACSC Release Joint Advisory on Play Ransomware

The Play ransomware group has been targeting businesses and critical infrastructure in North America, South America, and Europe since June 2022. They use a double-extortion model, encrypting systems after exfiltrating data.

Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

The external assessment did not identify any significant vulnerabilities that would allow easy access to the organization's network, but the internal assessment revealed multiple weaknesses that led to domain compromise.

FBI, CISA, Treasury, and FinCEN Released Joint Advisory on Karakurt Data Extortion Group

Karakurt uses various tactics to steal data and extort victims for ransom. They contact victims' employees, business partners, and clients to pressure them into paying the ransom.
