The DHS CISA is requesting that providers strengthen the security of operating systems, software, and firmware to “ensure robust vulnerability management and patching practices are in place given our current geo-political environment. These vulnerabilities carry significant risk to federal agencies as well as public and private sector entities.”
Threat Alerts Articles
Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia’s invasion, according to three people with direct knowledge of the incident.
Amid Russia’s invasion of Ukraine and escalating concerns about potential cyberattacks, the Senate last week unanimously approved a package of cybersecurity legislation that includes provisions that would require certain critical infrastructure owners and operators to promptly report cyber intrusions to DHS.
Everything needs to be replaced! Binarly’s security research lab has discovered 16 high-severity vulnerabilities in UEFI firmware affecting multiple enterprise products from HP, including laptops, desktops, POS systems and edge computing nodes.
Kaspersky has been tracking deployments of the spyware known as FinSpy (also known as FinFisher or Wingbird) since 2011. This infamous surveillance toolset has historically been implanted through a single-stage installer on Windows machines. Recently the Kaspersky team reported several findings that focused on suspicious installers of legitimate applications that had been backdoored with a relatively small obfuscated downloader. Read more about their investigation and findings below.
A new phone cable that mimics an Apple Lightning cable is now on sale; it can record anything users type and send the data to a hacker up to one mile away. O.MG cables were produced by a security researcher and sell for $140. Users are encouraged to be wary when borrowing an unknown charging cord.
Deep Dive on 2015 Juniper Networks Breach Shows How Government Struggles to Control its Vulnerabilities
It's been six years since the Juniper Networks Christmas supply chain hack that opened a backdoor and exposed highly sensitive US telecommunications and military agencies to spying. Although details remain scant as to how and why this all went down, Bloomberg News has recently uncovered why Juniper used the NSA algorithm in the first place and who may have been behind the attack.
The Russian group dubbed “DarkSide” deployed a ransomware attack against the major pipeline supporting the US fuel supply this week, cutting off the entire fuel supply to the US East Coast. The attack, dubbed one of the most disruptive digital ransom operations ever, is prompting a wake-up call across the country about the vulnerability of critical infrastructure to cyber warfare.
CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.