The DHS CISA is requesting that providers strengthen the security of operating systems, software, and firmware to “ensure robust vulnerability management and patching practices are in place given our current geo-political environment. These vulnerabilities carry significant risk to federal agencies as well as public and private sector entities.
Threat Alerts Articles
US Spy Agency Probes Sabotage of Satellite Internet During Russian Invasion
Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia’s invasion, according to three people with direct knowledge of the incident.
Report: Senate Approves New Cyber Incident Reporting Rules
Amid Russia’s invasion of Ukraine and escalating concerns about potential cyberattacks, the Senate last week unanimously approved a package of cybersecurity legislation that includes provisions that would require certain critical infrastructure owners and operators to promptly report cyber intrusions to DHS.
16 High Impact Vulnerabilities Discovered in HP Devices
Everything needs to be replaced! Binarly’s security research lab has discovered 16 high-severity vulnerabilities in UEFI firmware affecting multiple enterprise products from HP, including laptops, desktops, POS systems and edge computing nodes.
Kaspersky Discovers New UEFI Firmware Boot Kit for FinSpy Spyware
Kaspersky has been tracking deployments of the spyware known as FinSpy (also known as FinFisher or Wingbird) since 2011. This infamous surveillance toolset has historically been implanted through a single-stage installer on Windows machines. Recently the Kaspersky team reported several findings that focused on suspicious installers of legitimate applications that had been backdoored with a relatively small obfuscated downloader. Read more about their investigation and findings below.
New iPhone Cable Gives Hackers Access to Passwords up to 1 Mile Away
A new phone cable that mimics an Apple Lightning cable is now on sale; it can record anything users type and send the data to a hacker up to one mile away. O.MG cables were produced by a security researcher and sell for $140. Users are encouraged to be wary when borrowing an unknown charging cord.
Deep Dive on 2015 Juniper Networks Breach Shows How Government Struggles to Control its Vulnerabilities
It's been six years since the Juniper Networks Christmas supply chain hack that opened a backdoor and exposed highly sensitive US telecommunications and military agencies to spying. Although details remain scant as to how and why this all went down, Bloomberg News has recently uncovered why Juniper used the NSA algorithm in the first place and who may have been behind the attack.
Pipeline Cyber Attack Blocks Fuel Supply Across US East Coast
The Russian group dubbed “DarkSide” launched a ransomware attack against the major pipeline supporting the US fuel supply this week, cutting off the entire fuel supply to the US East Coast. The attack, dubbed one of the most disruptive digital ransom operations ever, is prompting a wake-up call across the country about the vulnerability of critical infrastructure to cyber warfare.
CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities
CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.