Tag: CISA

CISA Warns of Actively Exploited Apache Flink Security Vulnerability
News

A security issue affecting Apache Flink, an open-source unified stream-processing and batch-processing framework, was added to the Known Exploited Vulnerabilities (KEV) database on Thursday by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. Because of incorrect access control, any file on the local filesystem of the JobManager could be read by an attacker through its REST interface. The problem is tracked as CVE-2020-17519. In practice, this means a remote, unauthenticated attacker can submit a specially crafted directory traversal request that grants unintended access to sensitive data.
NextGen Healthcare Mirth Connect Under Attack CISA Issues Urgent Warning
News

Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw affecting NextGen Healthcare Mirth Connect to its list of known exploited vulnerabilities (KEV). The vulnerability, tracked as CVE-2023-43208 (CVSS score: N/A), is an unauthorized remote code execution issue that stems from an incomplete fix for another critical vulnerability, CVE-2023-37679 (CVSS score: 9.8). It was first disclosed by Horizon3.ai in late October 2023; this January the company published a proof-of-concept (PoC) exploit along with further technical details. Healthcare organizations frequently use Mirth Connect, an open-source data integration platform that enables standardized data inter...
CISA: Black Basta ransomware breached over 500 orgs worldwide
News

CISA and the FBI said today that, between April 2022 and May 2024, affiliates of the Black Basta ransomware operation compromised more than 500 organizations. According to a joint advisory released with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the gang also encrypted and stole data from organizations in at least 12 of the 16 critical infrastructure sectors. CISA says Black Basta affiliates have attacked more than 500 private sector and critical infrastructure entities, including hospitals, across North America, Europe, and Australia. Black Basta emerged as a ransomware-as-a-service (RaaS) operation in April 2022, and its affiliates have compromised a number of well-known victims since then.
CISA makes its “Malware Next-Gen” analysis system publicly available
News

After releasing a new version of "Malware Next-Gen," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is now accepting malware samples from the general public for analysis. Malware Next-Gen is a malware analysis platform that looks for suspicious artifacts in submitted samples. It was originally intended to let U.S. federal, state, local, tribal, and territorial government agencies submit suspicious files for automated malware detection using static and dynamic analysis. Yesterday CISA published a new version of the system that allows any organization or individual to submit files. A new version of our malware analysis system, named Malware Next-Gen, has been released by the Cybersecurity and Infrastructure Security Agen...
CISA and OpenSSF Release Framework for Package Repository Security
News

A new framework for securing package repositories will be published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group. The framework, known as the Principles for Package Repository Security, aims to further harden open-source software ecosystems by laying out a set of fundamental guidelines for package repository administrators. According to OpenSSF, package repositories play a crucial role in the open-source ecosystem and can help mitigate or prevent such attacks. Even small steps can yield robust security gains.
CISA pushes federal agencies to patch Citrix RCE within a week
News

Besides demanding that a Citrix RCE flaw be fixed within a week, CISA today ordered U.S. federal agencies to secure their systems against three newly patched Citrix NetScaler and Google Chrome zero-days that are being actively exploited in attacks. According to the agency, these vulnerabilities are "frequent attack vectors for malicious cyber actors" and pose "significant risks to the federal enterprise." It has added the flaws to its list of known exploited vulnerabilities. On Tuesday, Citrix advised customers to immediately patch their Internet-exposed NetScaler ADC and Gateway appliances, which are vulnerable to remote code execution and denial-of-service attacks via the CVE-2023-6548 code injection vulnerability.
FBI: Androxgh0st malware botnet steals AWS and Microsoft credentials
News

Threat actors using the Androxgh0st malware are building a botnet aimed at stealing cloud credentials and using the stolen data to deliver further malicious payloads, according to a warning issued today by CISA and the FBI. The botnet, first identified by Lacework Labs in 2022, scans for websites and servers running versions of the PHPUnit unit testing framework, the Laravel PHP web framework, and the Apache web server that have remote code execution (RCE) vulnerabilities. Among the RCE flaws targeted are CVE-2017-9841 (PHPUnit), CVE-2021-41773 (Apache HTTP Server), and CVE-2018-15133 (Laravel). The two agencies warned that Androxgh0st is Python-scripted malware mainly used to target .env files that contain sensitive data.
CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats
News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to completely remove default passwords from internet-exposed systems, citing the serious risk that hostile actors will use them to gain initial access to an organization and move laterally within it. In a warning released last week, the CIA denounced Iranian threat actors connected to the Islamic Revolutionary Guard Corps (IRGC) for using operational technology devices that still have default passwords to access critical infrastructure systems in the United States. Default passwords are the factory-default software configurations for embedded systems, appliances, and devices that are identical across all systems in a vendor's product range.
CISA, FBI urge admins to patch Atlassian Confluence immediately
News

CISA, the FBI, and MS-ISAC today alerted network administrators to patch their Atlassian Confluence servers immediately against attacks that are actively exploiting a maximum-severity vulnerability. The critical privilege escalation flaw, tracked as CVE-2023-22515, affects Confluence Data Center and Server 8.0.0 and later and can be exploited remotely in low-complexity attacks that require no user interaction. When Atlassian released security patches on October 4, it urged customers to upgrade their Confluence instances as quickly as possible to one of the fixed versions (i.e., 8.3.3 or later, 8.4.3 or later, or 8.5.2 or later), because the flaw had already been exploited in the wild as a zero-day. Those unable to upgrade were advised to either terminate the ...
CISA warns of critical Apache RocketMQ bug exploited in attacks
News

A critical vulnerability, tracked as CVE-2023-33246, affecting Apache's RocketMQ distributed messaging and streaming platform has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) list of known exploited vulnerabilities (KEV). Multiple threat actors are now believed to be using the flaw to install various payloads on affected systems (RocketMQ versions 5.1.0 and below). The vulnerability can be exploited without authentication, and DreamBus botnet operators have been using it to deploy a Monero cryptocurrency miner in the wild since at least June.