Month: May 2023

  • Vulnerability Summary for the Week of April 10, 2023

    DEFENDEDGE

     The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which… Read more

  • Vulnerability Summary for the Week of April 3, 2023

    DEFENDEDGE

    The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which… Read more

  • Sophisticated Techniques Implemented by ViperSoftX InfoStealer to Evade Detection

    DEFENDEDGE

    A widespread cryptocurrency- and information-stealing malware called ViperSoftX has affected numerous victims across consumer and enterprise sectors throughout Australia, Japan, the U.S., and India. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) that allows remote access and control over infected machines. This evasive malware has recently adopted advanced encryption and anti-analysis techniques to avoid detection.… Read more

  • Mozilla Releases Security Advisories for Multiple Products

    DEFENDEDGE

    Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 113 Mozilla Foundation Security Advisory 2023-16… Read more

  • CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors

    DEFENDEDGE

    Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat. CISA urges organizations to review the advisory for more information… Read more

  • Akira Ransomware: Targeted Attacks, Data Breaches, and Million-Dollar Ransoms

    DEFENDEDGE

    A new ransomware strain named Akira has emerged, causing significant disruption to corporate networks worldwide. It targets industries such as finance, real estate, and manufacturing. Akira has quickly gained notoriety since its launch in March 2023. Upon execution, Akira deletes Windows Shadow Volume Copies, making file restoration challenging. It selectively encrypts files using various extensions,… Read more

  • San Bernardino County Pays Over $1M in Ransomware Attack

    DEFENDEDGE

    According to the San Bernardino Sun, San Bernardino County in California paid a ransom of $1.1 million to a hacker who had compromised the computer system of the county’s sheriff department. However, the county’s financial losses were partially mitigated by an insurance policy specifically designed to cover events of this nature, resulting in a payout… Read more

  • Enterprise Networks Under Attack by New Malware Toolkit ‘Decoy Dog’.

    DEFENDEDGE

    Cybersecurity researchers have discovered a new malware toolkit named Decoy Dog after analyzing over 70 billion DNS records. Decoy Dog is a sophisticated toolkit that uses techniques like domain aging, when a domain is registered but not used for some time, and DNS query dribbling to evade detection. While the malware’s usage in the wild… Read more

  • CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

    DEFENDEDGE

    The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act… Read more