On June 2, 2022, CISA (the Cybersecurity and Infrastructure Security Agency), the FBI, the Department of the Treasury and the Financial Crimes Enforcement Network issued a joint Cybersecurity Alert warning companies of the Karakurt Team/Karakurt Lair extortion group, which has “employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and
CISA
CISA Adds 21 Known Vulnerabilities to Catalog
The Cybersecurity & Infrastructure Security Agency (CISA) added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 23, 2022, due to active exploitation by cyber criminals. The vulnerabilities are a “frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.”
Although the alert is directed at federal agencies…
Joint Cyber Alert Urges Organizations to Patch Known Vulnerabilities
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations have in closing those doors.
The Cybersecurity and Infrastructure Security Agency (CISA), along with its counterparts in other countries, issued a…
Intelligence Points to Likely Russian Attacks on Critical Infrastructure
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity.”
According to…
CISA/FBI Advisory Warns of Destructive Malware Used Against Ukraine
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory this week alerting organizations of destructive malware that is being used to target organizations in Ukraine, with the ongoing warnings of increased cyber-attacks against U.S. organizations.
The malware, WhisperGate and HermeticWiper, is used to “destroy computer systems and render them inoperable.”…
FREE (Yes, FREE!) Cybersecurity Services + Tools from CISA
Organizations often struggle with budgeting for cybersecurity risk and mitigation. It’s hard to see the return on investment for prevention of things that attack the company through the clouds.
It is rare that help comes in the form of FREE services and tools offered by the federal government. The Cybersecurity & Infrastructure Security Agency (CISA)…
CISA Warns “Every Organization” in U.S. to Assess + Respond to Cyber Risks
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over Ukraine.
According to the CISA Insights publication entitled “Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats,” “public and private entities in…
Tensions with Russia Prompt CISA Warning to Critical Infrastructure
The Cybersecurity & Infrastructure Security Agency (CISA), in tandem with the FBI and National Security Agency, issued a Cybersecurity Advisory on January 22, 2022, to warn organizations, and especially critical infrastructure operators, to be on heightened alert that Russian state-sponsored cyber operations may again use the tensions with the U.S. to attack U.S. companies.
The…
Joint CISA/FBI Alert on Vulnerability in Zoho ManageEngine ServiceDesk Plus
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) updated a previously issued Alert entitled APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus. According to the Alert, the newly-identified vulnerability is being actively exploited by advanced persistent threat actors and is considered critical.
The vulnerability…
CISA + FBI Remind Organizations to “Stay Vigilant” During Holiday Season
The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining “actions that executives, leaders and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming…