#StopRansomware: ALPHV Blackcat

December 19, 2023 at 01:22PM The FBI and CISA released a joint Cybersecurity Advisory (CSA) to share known IOCs and TTPs linked to the ALPHV Blackcat ransomware. The advisory warns organizations of evolving tactics used by the threat actors, including advanced social engineering and remote access software deployment. It also provides mitigations and incident response …

Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations

December 19, 2023 at 06:03AM CISA, FBI, and ACSC have issued an advisory on Play ransomware, detailing its tactics, targets, and impact. The ransomware gang uses double-extortion tactics, exploits various vulnerabilities for access, and encrypts victim data. The advisory includes indicators of compromise, mitigation steps, and recommends testing security controls against the threat behaviors outlined …

CISA Urges Manufacturers to Eliminate Default Passwords After Recent ICS Attacks

December 18, 2023 at 11:09AM The cybersecurity agency CISA advises manufacturers to cease using default passwords for industrial control systems (ICS) in the water sector due to recent attacks. It recommends implementing safe default behavior, eliminating widely known default passwords, and conducting field tests to ensure secure product usage. Executives are urged to drive security …

#StopRansomware: Play Ransomware

December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate …

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

December 18, 2023 at 01:24AM The U.S. CISA stresses eliminating default passwords on internet-exposed systems due to severe risks exploited by Iranian threat actors. Mitigation measures include utilizing unique setup passwords or enabling multi-factor authentication. CISA advises strong passwords, network segregation, and encryption to enhance security. Additionally, recommendations for hardening software supply chains have been …

CISA urges tech manufacturers to stop using default passwords

December 15, 2023 at 02:06PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned against the use of default passwords in technology products due to the potential security risks. They recommended alternatives such as unique setup passwords, time-limited passwords, and mandating physical access for initial setup. CISA stressed that relying on customers to change passwords …

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and …

U.S. nuclear research lab data breach impacts 45,000 people

December 14, 2023 at 01:06PM Attackers breached Idaho National Laboratory’s (INL) Oracle HCM HR management platform, compromising data of 45,047 individuals including employees, dependents, and spouses. The breach included sensitive personal information, such as social security numbers and banking details, but did not affect the lab’s network. A hacking group claimed responsibility and leaked the …

Surprise! Email from personal. [email protected] is not going to contain good news

December 14, 2023 at 05:03AM The FBI, CISA, and other US government agencies have issued a security advisory about the Karakurt extortion gang, notorious for using harassment and IT exploitation to demand ransoms ranging from $25,000 to $13 million in Bitcoin. The gang uses various tactics and tools to exfiltrate massive amounts of data, with …

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

December 13, 2023 at 11:59AM Summary: The FBI, CISA, NSA, SKW, CERT Polska, and NCSC released a report assessing Russian SVR cyber actors exploiting CVE-2023-42793 to target servers hosting JetBrains TeamCity software globally. The report provides IOCs and mitigations to assist organizations in detecting and countering these malicious actions. SVR cyber activity poses a persistent …