The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI), the National Security Agency, and other international partners, issued an Alert on September 5, 2024, warning that cyber actors affiliated with the Russian military are targeting critical infrastructure, government services, financial services, transportation systems, energy, and healthcare sectors of NATO
Members of International Sextortion Ring Charged for Stealing $2M From Victims
According to the FBI, it has “seen a huge increase in the number of cases involving children and teens being threatened and coerced into sending explicit images online,” also known as sextortion.
In some cases, the criminal will threaten the teen that they have a revealing picture or video and that they will share…
CISA, FBI + DC3 Alert Warns of Iran-Based Ransomware Attacks
The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based organizations that cyber actors, “known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm,” are targeting and exploiting U.S. organizations…
Columbus, Ohio Hit with Ransomware Attack
The city of Columbus, Ohio, announced on May 29, 2024, that it was forced to take its systems offline due to a ransomware attack. According to its notice, the attack was perpetrated by “an established, sophisticated threat actor operating overseas,” and that it was working with law enforcement to investigate the incident.
According to…
CISA Issues Advisory on Black Basta Ransomware
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates “that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.”
The Black Basta Advisory provides information on how the threat actors gain…
Aid Package Signed by President Biden Includes Divestiture of TikTok Requirement
President Biden signed a historical aid package into law on Tuesday that includes aid for Ukraine, Israel, and the Indo-Pacific region. The package also includes a bill increasing sanctions on Russian assets and requiring TikTok owner ByteDance to sell TikTok within 270 days or risk that the app will not be available through app stores…
Joint Guidance Published by Five Eyes on Deploying AI Systems Securely
On April 15, 2024, the National Security Agency’s Artificial Intelligence Security Center published guidance on “Deploying AI Systems Securely,” together with CISA, the FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the UK’s National Cyber Security Centre (a/k/a the Five Eyes).
The Cybersecurity…
CISA, FBI + MS-ISAC Issue Warning on Phobos Ransomware
To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a cybersecurity advisory warning organizations about the Phobos ransomware, and provided indicators of compromise and tactics, techniques, and procedures used by Phobos as recently as February.
According to the advisory, Phobos has been attacking “municipal and…
CISA and FBI Issue Cybersecurity Guidance for the Use of Chinese-Manufactured Drones
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), which outlines the risks and threats posed by Chinese-manufactured unmanned aerial systems (UAS or drones) and provides cybersecurity safeguards to reduce these risks to networks and sensitive data.
The biggest issue:…
Urgent Joint Cybersecurity Advisory on Atlassian Vulnerability Issued
The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and MS-ISAC recently released an urgent Joint Advisory on the Atlassian Confluence Vulnerability CVE-2023-22515.
According to the Alert, “this critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator…