HiatusRAT Actors Targeting Web Cameras and DVRs Full Text
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification (PIN) to highlight HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the table below to reduce the likelihood and impact of these attack campaigns.
December 16, 2024 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability; CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
December 12, 2024 - FTC
New FTC Data Show Skyrocketing Consumer Reports About Game-Like Online Job Scams Full Text
New Federal Trade Commission complaint data show a sharp spike in online job scams that require consumers to repeat sets of tasks, which tracks closely with an increase in reported losses to job scams overall.
December 4, 2024 - CISA, NSA, FBI, ACSC, CCCS, NCSC-NZ
Enhanced Visibility and Hardening Guidance for Communications Infrastructure Full Text
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign. The authoring agencies are releasing this guide to highlight this threat and provide network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors. Although tailored to network defenders and engineers of communications infrastructure, this guide may also apply to organizations with on-premises enterprise equipment. The authoring agencies encourage telecommunications and other critical infrastructure organizations to apply the best practices in this guide.
December 3, 2024 - ENISA
2024 Report on The State of Cybersecurity in The Union Full Text
The report provides an evidence-based overview of the cybersecurity maturity state of play as well as an assessment of cybersecurity capabilities across Europe. The report also includes policy recommendations to address identified shortcomings and increase the level of cybersecurity in the EU.
December 3, 2024 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability; CVE-2024-11680 ProjectSend Improper Authentication Vulnerability; CVE-2024-11667 Zyxel Multiple Firewalls Path Traversal Vulnerability.
November 25, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability.
2023 Top Routinely Exploited Vulnerabilities Full Text
This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
November 6, 2024 - CISA
Helping banish malicious adverts – and drive a secure advertising ecosystem Full Text
Online advertising is a key and growing component of the global digital economy. According to an industry review, the UK is expected to spend a projected £3.7 billion on advertising in 2024, and roughly three quarters of that will be digital content. This makes digital advertising a huge contributor to the UK economy, but public and commercial trust in the cyber security of the sector is essential if this is to remain the case.
October 30 2024 - FBI, US Department of Treasury, Israel National Cyber Directorate
New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad Full Text
The Federal Bureau of Investigation (FBI), U.S. Department of Treasury, and Israel National Cyber Directorate are releasing this Cybersecurity Advisory (CSA) to warn network defenders of new cyber tradecraft of the Iranian cyber group Emennet Pasargad, which has been operating under the company name Aria Sepehr Ayandehsazan (ASA) and is known by the private sector terms Cotton Sandstorm, Marnanbridge, and Haywire Kitten.
October 29 2024 - CISA
CISA Releases Its First Ever International Strategic Plan Full Text
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first, which supports the agency’s first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience. The International Strategic Plan focuses on how CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure.
October 22 2024 - White House
Doubling Down on Trusted Partnerships: Our Commitment to Researchers Full Text
The cybersecurity threat environment is constantly evolving. It is more complex than ever before. Keeping ahead of the bad actors requires collective effort, built on trusted partnership.
October 21 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
To fully address AI risks, we must consider both the capabilities of AI models and their potential impact on people, society and the systems they interact with.
October 15 2024 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability; CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability; CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability.
October 10 2024 - CISA
Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies Full Text
CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.
October 9 2024 - Australian Government
Introduction of landmark Cyber Security Legislation Package Full Text
Australian Government is committed to enhancing the security and resilience of Australia’s cyber environment and critical infrastructure.
October 2 2024 - ASD, CISA, NSA, FBI, ISAC, NCSC, CCCS, Te Tira Tiaki, BFDI, NCSC, NISC, NPA, NIS, NCSC
Principles of operational technology cyber security Full Text
Critical infrastructure organisations provide vital services, including supplying clean water, energy, and transportation, to the public. These organisations rely on operational technology (OT) to control and manage the physical equipment and processes that provide these critical services. As such, the continuity of vital services relies on critical infrastructure organisations ensuring the cyber security and safety of their OT.
September 18 2024 - CISA
CISA Adds Five Known Exploited Vulnerabilities to Catalog Full Text
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability; CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability; CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability; CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability; CVE-2020-14644 Oracle WebLogic Server Remote Code Execution Vulnerability.
We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber. At the time, the NIST standardization process for Kyber had not yet finished.
September 12 2024 - Homeland Security, Republicans
Handling Our Cargo: How The People’s Republic of China Invests Strategically in The U.S. Maritime Industry Full Text
September 11 2024 - UK’s ICO, NCA
Memorandum of Understanding between the National Crime Agency and the Information Commissioner Full Text
This Memorandum of Understanding (MoU) establishes a framework for cooperation and information sharing between the National Crime Agency (NCA) and the Information Commissioner (the “Commissioner”), collectively referred to as “the Participants” throughout this document. In particular, it sets out the broad principles of collaboration and the legal framework governing the sharing of relevant information and intelligence between the Participants.
September 9 2024 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability; CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability; CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability.
September 5 2024 - FBI, CISA, NSA
FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure Full Text
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory, Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their deployment of the WhisperGate malware against Ukraine.
September 3 2024 - FBI
North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks Full Text
The Democratic People's Republic of Korea ("DPRK" aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance ("DeFi"), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency.
September 2 2024 - United States Secret Service
The Secret Service, in partnership with the U.S. Department of State, is offering a reward of up to $2,500,000 for information leading to the arrest and/or conviction of this individual. Full Text
On August 12, 2024, the U.S. Attorney’s Office for the District of New Jersey unsealed an indictment charging Belarusian national Volodymyr Iuriyovych Kadariya with conspiracy to commit wire fraud, conspiracy to commit computer fraud, and two counts of substantive wire fraud.
August 29, 2024 - CISA
CISA Launches New Portal to Improve Cyber Reporting Full Text
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announces its cyber incident reporting form moved to the new CISA Services Portal as part of its ongoing effort to improve cyber incident reporting.
August 28, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-7965 Google Chromium V8 Inappropriate Implementation Vulnerability.
Best practices for event logging and threat detection Full Text
Event logging supports the continued delivery of operations and improves the security and resilience of critical systems by enabling network visibility. This guidance makes recommendations that improve an organisation’s resilience in the current cyber threat environment, with regard for resourcing constraints. The guidance is of moderate technical complexity and assumes a basic understanding of event logging.
NIST requests comments on the second draft of the fourth revision to the four-volume suite of Special Publication 800-63, Digital Identity Guidelines. This publication presents the process and technical requirements for meeting the digital identity management assurance levels specified in each volume. They also provide considerations for enhancing privacy, equity, and usability of digital identity solutions and technology.
August 21, 2024 - CISA
CISA Adds Four Known Exploited Vulnerabilities to Catalog Full Text
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2021-33044 Dahua IP Camera Authentication Bypass Vulnerability; CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability; CVE-2022-0185 Linux Kernel Heap-Based Buffer Overflow; CVE-2021-31196 Microsoft Exchange Server Information Disclosure Vulnerability.
August 13, 2024 - NIST
NIST Releases First 3 Finalized Post-Quantum Encryption Standards Full Text
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer.
August 9, 2024 - White House
Fact Sheet: Biden-Harris Administration Releases Summary Report of 2023 RFI on Open Source-Software Security Initiative Full Text
Today, the White House Office of the National Cyber Director, in partnership with members of the Open-Source Software Security Initiative (OS3I), is publishing a summary report on the Request for Information (RFI): Open-Source Software Security: Areas of Long-Term Focus and Prioritization. This builds on the commitment the Administration made in the National Cybersecurity Strategy, “to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.”
August 8, 2024 - CISA
Best Practices for Cisco Device Configuration Full Text
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.
Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or execute arbitrary code on the affected device.
July 19, 2024 - CISA
Widespread IT Outage Due to CrowdStrike Update Full Text
CISA will update this Alert with more information as it becomes available.
July 10, 2024 - CISA
U.S. CISA ADDS MICROSOFT WINDOWS AND REJETTO HTTP FILE SERVER BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
CVE-2024-23692 (CVSS score of 9.8) – the flaw is a template injection vulnerability that impacts Rejetto HTTP File Server, up to and including version 2.3m. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.
July 8, 2024 - CISA
CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40 Full Text
CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action, outlining a PRC state-sponsored cyber group’s activity. The following organizations also collaborated with ASD's ACSC on the guidance:
In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere. The goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.
June 25, 2024 - CISA
Chemical Security Assessment Tool (CSAT) Ivanti Notification Full Text
The Cybersecurity and Infrastructure Security Agency’s (CISA) Chemical Security Assessment Tool (CSAT) was the target of a cybersecurity intrusion by a malicious actor from January 23-26, 2024. While CISA’s investigation found no evidence of exfiltration of data, this intrusion may have resulted in the potential unauthorized access of Top-Screen surveys, Security Vulnerability Assessments, Site Security Plans, Personnel Surety Program (PSP) submissions, and CSAT user accounts.
The Supply Chain Cybersecurity Principles characterize the foundational actions and approaches needed to deliver strong cybersecurity throughout the vast global supply chains that build energy automation and industrial control systems (ICS). The principles aim to create an enduring framework to drive best practices today, while informing international coordination to advance those practices into the future.
June 24, 2024 - FBI
Fictitious Law Firms Targeting Cryptocurrency Scam Victims Offering to Recover Funds Full Text
Using social media or other messaging platforms, fraudsters posing as lawyers representing fictitious law firms may contact scam victims and offer their services, claiming to have the authorization to investigate fund recovery cases. To validate the contact, the "lawyers" claim they are working with, or have received information on, the scam victim's case from the FBI, Consumer Financial Protection Bureau (CFPB), or other government agency. In some instances, scam victims have contacted fraudsters on fake websites, which appear legitimate, hoping to recover their funds.
June 12, 2024 - CISA
Phone Scammers Impersonating CISA Employees Full Text
Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret.
To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision.
June 5, 2024 - CISA
Readout from CISA’s 2024 Second Quarter Cybersecurity Advisory Committee Meeting Full Text
WEST POINT, N.Y. - Today, the Cybersecurity and Infrastructure Security Agency (CISA) held its second quarter 2024 Cybersecurity Advisory Committee (CSAC) meeting. During the meeting, members provided updates and voted on recommendations based on CISA Director Jen Easterly’s tasking on Optimizing CISA’s Cyber Operational Collaboration Platform. The recommendations support and enhance CISA’s Joint Cyber Defense Collaborative (JCDC) continued maturation and investment, focusing on optimal operational cyber defense collaboration. CISA’s cyber defense mission is dependent upon effective collaboration between government and the private sector, which is enabled in significant part through JCDC.
May 31, 2024 - CISA, EAC
Enhancing Election Security THROUGH PUBLIC COMMUNICATIONS Full Text
State, local, tribal, and territorial election officials are the primary sources of official information about elections. Election officials routinely communicate with the public about their work, including ...
May 28, 2024 - NIST
NIST Launches ARIA, a New Program to Advance Sociotechnical Testing and Evaluation for AI Full Text
The National Institute of Standards and Technology (NIST) is launching a new testing, evaluation, validation and verification (TEVV) program intended to help improve understanding of artificial intelligence’s capabilities and impacts.
May 23, 2024 - NSA
NSA Issues Guidance for Maturing Application, Workload Capabilities Under Zero Trust; Dave Luber Quoted Full Text
In the current digital landscape where malware and emerging online threats continue to evolve and become more sophisticated, it is imperative that organizations prioritize cybersecurity as essential to their operations. Information Technology (IT) professionals are keenly aware of the security challenges facing applications, but workloads are every bit as important to consider in this domain.
May 15, 2024 - NHS, England
Possible Exploitation of Arcserve Unified Data Protection (UDP) Full Text
Possible exploitation has been reported for three vulnerabilities affecting Arcserve Unified Data Protection (UDP), a widely used backup and disaster recovery solution.
May 14, 2024 - CISA, FBI
Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society Full Text
Civil society—nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy—are considered high-risk communities. Often, these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests. Regularly conducted as a type of transnational repression (also referred to as digital transnational repression), state-sponsored actors compromise organizational or personal devices and networks to intimidate, silence, coerce, harass, or harm civil society organizations and individuals.
May 14, 2024 - UK AI Safety Institute
An open-source framework for large language model evaluations Full Text
Welcome to Inspect, a framework for large language model evaluations created by the UK AI Safety Institute. Inspect provides many built-in components, including facilities for prompt engineering, tool usage, multi-turn dialog, and model graded evaluations. Extensions to Inspect (e.g. to support new elicitation and scoring techniques) can be provided by other Python packages.
May 6, 2024 - CISA, FBI
Malicious Cyber Actors Use Directory Traversal To Compromise Systems Full Text
Directory traversal—or path traversal—vulnerabilities remain a persistent class of defect in software products. The software industry has documented directory traversal vulnerabilities, along with effective approaches to eliminate these vulnerabilities at scale, for over two decades. Yet software manufacturers continue to put customers at risk by developing products that allow for directory traversal exploitation. CISA and the FBI are releasing this Secure by Design Alert in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare and Public Health Sector.
May 1, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
April 29, 2024 - NIST
Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile Full Text
This document is a companion resource for Generative AI to the AI Risk Management Framework (AI RMF), pursuant to President Biden’s Executive Order (EO) 14110 on Safe, Secure, and Trustworthy Artificial Intelligence. The AI RMF was released in January 2023, and is intended for voluntary use and to improve the ability of organizations to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems.
April 26, 2024 - DHS
MITIGATING ARTIFICIAL INTELLIGENCE (AI) RISK: Safety and Security Guidelines for Critical Infrastructure Owners and Operators Full Text
The U.S. Department of Homeland Security (DHS) was tasked in Executive Order 14110: Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence to develop safety and security guidelines for use by critical infrastructure owners and operators. DHS developed these guidelines in coordination with the Department of Commerce, the Sector Risk Management Agencies (SRMAs) for the 16 critical infrastructure sectors, and relevant independent regulatory agencies.
April 26, 2024 - FBI
New Verification Schemes Target Users of Online Dating Platforms Full Text
The FBI warns of "free" online verification service schemes in which fraudsters target users of dating websites and applications (apps) to defraud victims into signing up for recurring payments. Unlike romance scams involving investment-confidence schemes, commonly referred to as pig-butchering, where victims are convinced to transfer large amounts of money over time, the so-called "free" verification schemes involve recurring and costly monthly subscription fees. Additionally, fraudsters collect the information entered by victims at registrations (e.g., emails, phone numbers, and credit card information) and use it to commit further fraudulent activity such as identity theft or selling the information on the dark web.
April 25, 2024 - CISA
Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities Full Text
Ransomware continues to evolve as a scourge on critical services, businesses, and communities worldwide, causing costly incidents that are increasingly destructive and disruptive. Based on recent industry reporting, it costs businesses an average of $1.85 million to recover from a ransomware attack. In addition, 80% of victims who paid a ransom were targeted and victimized again by these criminals. The economic, technical, and reputational impacts of ransomware incidents, throughout the initial disruption and, at times, extended recovery, continue to pose a challenge for organizations large and small.
April 25, 2024 - CISA
CISA Releases Eight Industrial Control Systems Advisories Full Text
CISA released eight Industrial Control Systems (ICS) advisories on April 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS: ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series; ICSA-24-116-02 Hitachi Energy MACH SCM; ICSA-24-116-03 Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW; ICSA-24-116-04 Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC; ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU Module (Update D); ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A); ICSA-24-102-09 Rockwell Automation 5015-AENFTXT (Update A); ICSA-24-067-01 Chirp Systems Chirp Access (Update B). CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
April 24, 2024 - United States Government Accountability Office
Implementation of Executive Order Requirements Is Essential to Address Key Actions Full Text
Among its 115 provisions, the order contains 55 leadership and oversight requirements (actions to assist or direct the federal agencies in implementing the order). The three key agencies primarily responsible for the implementation of these requirements are the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology, and the Office of Management and Budget (OMB). These agencies fully completed 49 of the 55 requirements, partially completed five, and one was not applicable (see table below). Completing these requirements would provide the federal government with greater assurance that its systems and data are adequately protected.
Deploying artificial intelligence (AI) systems securely requires careful setup and configuration that depends on the complexity of the AI system, the resources required (e.g., funding, technical expertise), and the infrastructure used (i.e., on premises, cloud, or hybrid). This report expands upon the ‘secure deployment’ and ‘secure operation and maintenance’ sections of the Guidelines for secure AI system development and incorporates mitigation considerations from Engaging with Artificial Intelligence (AI). It is for organizations deploying and operating AI systems designed and developed by another entity. The best practices may not be applicable to all environments, so the mitigations should be adapted to specific use cases and threat profiles.
The United States’ Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) are releasing this joint CSA to disseminate known Akira ransomware IOCs and TTPs identified through FBI investigations and trusted third party reporting as recently as February 2024.
April 15, 2024 - NSA
NSA Publishes Guidance for Strengthening AI System Security Full Text
FORT MEADE, Md. – The National Security Agency (NSA) is releasing a Cybersecurity Information Sheet (CSI) today, “Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems.” The CSI is intended to support National Security System owners and Defense Industrial Base companies that will be deploying and operating AI systems designed and developed by an external entity.
April 12, 2024 - FBI
Smishing Scam Regarding Debt for Road Toll Services Full Text
Since early-March 2024, the FBI Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts representing road toll collection service from at least three states. IC3 complaint information indicates the scam may be moving from state-to-state.
April 11, 2024 - CISA
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat Full Text
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) publicly issued Emergency Directive 24-02 in response to a recent campaign by Russian state-sponsored cyber actor Midnight Blizzard targeting Microsoft corporate email accounts and potentially accessing correspondence with Federal Civilian Executive Branch (FCEB) agencies. The Directive was initially issued to federal agencies on April 2nd based upon currently available threat information and limited applicability of relevant actions, which are predicated on notification of exposed credentials by Microsoft. This Directive requires agencies to analyze potentially affected emails, reset any compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.
April 4, 2024 - Homeland Security Department, US
Cyber Incident Reporting for Critical Infrastructure Act Full Text
An unpublished Proposed Rule by the Homeland Security Department on 04/04/2024
April 3, 2024 - Health Sector Cybersecurity Coordination Center
Social Engineering Attacks Targeting IT Help Desks in the Health Sector Full Text
HC3 has recently observed threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organizations. In general, threat actors continue to evolve their tactics, techniques, and procedures (TTPs) to achieve their goals. HC3 recommends various mitigations outlined in this alert, which involve user awareness training, as well as policies and procedures for increased security for identity verification with help desk requests.
March 28, 2024 - OMB, EXECUTIVE OFFICE OF THE PRESIDENT
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES Full Text
Artificial intelligence (AI) is one of the most powerful technologies of our time, and the President has been clear that we must seize the opportunities AI presents while managing its risks. Consistent with the AI in Government Act of 2020, the Advancing American AI Act, and Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, this memorandum directs agencies to advance AI governance and innovation while managing risks from the use of AI in the Federal Government, particularly those affecting the rights and safety of the public.
March 27, 2024 - FCC
PUBLIC SAFETY AND HOMELAND SECURITY BUREAU REQUESTS COMMENT ON IMPLEMENTATION OF MEASURES TO PREVENT LOCATION TRACKING VIA THE DIAMETER AND SIGNALING SYSTEM 7 SECURITY PROTOCOL Full Text
The Federal Communications Commission’s Public Safety and Homeland Security Bureau (Bureau) requests comment on communications service providers’ implementation of security countermeasures to prevent exploitation of vulnerabilities in the Signaling System 7 (SS7) and Diameter protocols to track the location of consumers through their mobile devices.
March 27, 2024 - NIST
Panel Discussion: It is a Tale as Old as Time…. a CNA, the NVD, and a CVE Consumer Walk Into a Bar. Hilarity Ensues, Right? Full Text
Napkin-drawings aside, this panel seeks to talk through this classic “What If?” scenario by assembling a diverse team of industry and government professionals to talk about the current state of vulnerability identifiers, vulnerability databases, and how consumers interact with them. These building blocks establish the foundation for communicating and addressing vulnerabilities as they are discovered, reported, and disclosed, but the journey has not always been without challenges. Join us as we learn about the road that got us here, talk about the opportunities we continue to collaborate on, and hear about some potential future actions that could improve the ecosystem for all participants and officially start “Happy Hour”!
March 26, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability
March 21, 2024 - Department of Defense
Defense Industrial Base Cybersecurity Strategy 2024 Full Text
The Department of Defense's (DoD) Defense Industrial Base (DIB) Cybersecurity Strategy is an actionable framework for sustaining a more resilient Joint Force and defense ecosystem, one that prevails within and through one of today's most contested domains: cyberspace.
March 20, 2024 - CISA
Review of the Summer 2023 Microsoft Exchange Online Intrusion Full Text
In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon.
As organizations move more of their data into cloud environments, the prevention of unauthorized access to that data is extremely important. Data stored in the cloud can take many forms depending on the needs of the organization. For these reasons, organizations must understand the sensitivity of the data they store in the cloud, select the appropriate storage services, and apply pragmatic security methods to properly protect their data. The purpose of this cybersecurity information sheet is to provide an overview of what cloud storage is and common practices for properly securing and auditing cloud storage systems.
March 7, 2024 - House Energy and Commerce Committee, US
E&C Unanimously Advances Bipartisan Legislation to Protect Americans’ Data and National Security against Foreign Adversaries Full Text
Washington, D.C. — The House Energy and Commerce Committee advanced two bipartisan pieces of legislation today to protect Americans’ data and national security against foreign adversaries. Both bills were advanced to the House Floor with unanimous support.
March 6, 2024 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
February 29, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA, to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open source reporting. Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, Phobos ransomware incidents impacting state, local, tribal, and territorial (SLTT) governments have been regularly reported to the MS-ISAC. These incidents targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities to successfully ransom several million U.S. dollars.
February 29, 2024 - Health Sector Coordinating Council
The Health Industry Cybersecurity Strategic Plan (HIC-SP) is a call to action for organizations throughout the healthcare ecosystem to implement foundational cybersecurity programs that address the operational, technological, and governance challenges posed by significant healthcare industry trends over the next five years.
February 27, 2024 - FBI, NSA, US Cyber Command, and international partners
Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations Full Text
The U.S. Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers. However, owners of relevant devices should take the remedial actions described below to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises.
February 27, 2024 - U.S. Department of Health and Human Services
Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information Full Text
As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary:
February 21, 2024 - CISA, EPA, FBI
CISA, EPA, and FBI Release Top Cyber Actions for Securing Water Systems Full Text
Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
February 21, 2024 - White House
Biden-Harris Administration announces Initiative to Bolster Cybersecurity of U.S. Ports Full Text
Today, the Biden-Harris Administration will issue an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity, fortify our supply chains and strengthen the United States industrial base. The Administration will also announce its intent to bring domestic onshore manufacturing capacity back to America to provide safe, secure cranes to U.S. ports – thanks to an over $20 billion investment in U.S. port infrastructure under President Biden’s Investing in America Agenda. Today’s actions are clear examples of the President’s work to invest in America, secure the country’s supply chains, and strengthen the cybersecurity of our nation’s critical infrastructure against 21st century threats – priorities his Administration has focused on relentlessly since taking office.
We’re increasingly connected through digital tools and more of our sensitive information is online. This convenience comes with risks. Each of us has a part to play in keeping ourselves and others safe. It’s easy to do and takes less time than you think.
February 08, 2024 - CISA
CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security Full Text
Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA's Open Source Software Security Roadmap, which states the goal of "working collaboratively [with relevant working groups] to develop security principles for package managers."
February 07, 2024 - CISA, NSA, FBI
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance Full Text
Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques.
February 06, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4762 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
January 31, 2024 - FBI
Director Wray’s Opening Statement to the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party Full Text
Chairman Gallagher, Ranking Member Krishnamoorthi, and members of the Select Committee, thank you for inviting me to testify here today to discuss the FBI’s ongoing efforts to protect our nation from actions taken by the Chinese government that threaten Americans’ safety and prosperity.
January 31, 2024 - U.S. Department of Justice
U.S. Government Disrupts Botnet People’s Republic of China Used to Conceal Hacking of Critical Infrastructure Full Text
A December 2023 court-authorized operation has disrupted a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People’s Republic of China (PRC) state-sponsored hackers.
January 31, 2024 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-48618 Apple Multiple Products Improper Authentication Vulnerability
January 26, 2024 - Department of Health and Human Services, USA
HEALTHCARE AND PUBLIC HEALTH SECTOR-SPECIFIC CYBERSECURITY PERFORMANCE GOALS Full Text
The Department of Health and Human Services (HHS) helps the Healthcare and Public Health (HPH) critical infrastructure sector prepare for and respond to cyber threats, adapt to the evolving threat landscape, and build a more resilient sector. As outlined in the HHS Healthcare Sector Cybersecurity concept paper, HHS is publishing these voluntary healthcare specific Cybersecurity Performance Goals (CPGs) to help healthcare organizations prioritize implementation of high-impact cybersecurity practices. The HPH CPGs are designed to better protect the healthcare sector from cyberattacks, improve response when events occur, and minimize residual risk. HPH CPGs include both essential goals to outline minimum foundational practices for cybersecurity performance and enhanced goals to encourage adoption of more advanced practices.
January 23, 2024 - Department for Science, Innovation & Technology, U.K.
Open call for evidence - Cyber Governance Code of Practice: call for views Full Text
The UK has a world leading reputation in cutting edge technologies which is underpinned by a pro-innovation approach to tech regulation. As the digital economy continues to grow at an exponential rate, so does society’s dependence and global interconnectivity. This presents benefits but also challenges. We know that malicious actors pose a significant threat, seeking to capitalise on opportunities that exploit cyber security vulnerabilities in digital systems, disrupting business continuity and causing economic harm.
January 22, 2024 - Health Sector Cybersecurity Coordination Center, U.S.
Possible Threat of Unauthorized Access to HPH Organizations from Remote Access Tool Full Text
Security researchers are warning that Healthcare and Public Health (HPH) organizations that use the remote access tool ScreenConnect could be adversely affected or targeted by threat actors. The impact of potential unauthorized access on both federal and private industry victims, many of which rely on this tool, would be a concerning development for the healthcare sector. This Sector Alert provides a technical overview of issues concerning the remote access tool, IOCs, and recommendations for mitigations to detect and protect against future cyberattacks.
January 19, 2024 - CISA
ED 24-01: Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities Full Text
CISA has observed widespread and active exploitation of vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure solutions, hereafter referred to as “affected products.” Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems.
January 16, 2024 - CISA, FBI
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware Full Text
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.
With the publication of the 2022 National Defense Strategy (NDS), Secretary Austin charted the Defense Department's way forward through this decisive decade. Increasingly coercive actions taken by the People's Republic of China demonstrate its intent to reshape the Indo-Pacific region and broader international system to fit its authoritarian preferences, and the Russian Federation's invasion of Ukraine underscores the acute threat it poses. These threats, along with transboundary challenges like COVID-19, demonstrate the imperative for increased and improved defense capabilities for both the United States and our allies and partners.
January 10, 2024 - CISA
Update: Known Exploited Vulnerabilities Catalog Full Text
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
January 9, 2024 - FTC
FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data Full Text
Data broker X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle Federal Trade Commission allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.
January 8, 2024 - FORDHAM UNIVERSITY
2024 International Conference on Cyber Security Full Text
The International Conference on Cyber Security (ICCS) is the premier global cybersecurity event spanning three days, with more than 50 distinguished speakers from the government, the private sector, and academia. It is an unparalleled opportunity for global cyber threat analysis, operations, research, and law enforcement leaders to coordinate and share their efforts to create a more secure world.
Voice cloning technology is becoming increasingly sophisticated due to improving text-to-speech AI. The technology offers promise, including medical assistance for people who may have lost their voices due to accident or illness. It also poses significant risk: families and small businesses can be targeted with fraudulent extortion scams; creative professionals, such as voice artists, can have their voices appropriated in ways that threaten their livelihoods and deceive the public.
January 4, 2024 - NIST
NIST Identifies Types of Cyberattacks That Manipulate Behavior of AI Systems Full Text
Adversaries can deliberately confuse or even “poison” artificial intelligence (AI) systems to make them malfunction — and there’s no foolproof defense that their developers can employ. Computer scientists from the National Institute of Standards and Technology (NIST) and their collaborators identify these and other vulnerabilities of AI and machine learning (ML) in a new publication.