Author: DEFENDEDGE

  • FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

    Original release date: April 26, 2021. The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—continued targeting of U.S. and foreign entities. The SVR activity—which includes…

  • AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders

    Original release date: April 26, 2021. Summary: The Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), and Cybersecurity and Infrastructure Security Agency (CISA) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and Yttrium—will continue to seek intelligence from U.S. and foreign entities…

  • Prometei Botnet Could Fire Up APT-Style Attacks

    The malware is for now using exploits for the Microsoft Exchange “ProxyLogon” security bugs to install Monero-mining malware on targets.

  • 5 Fundamental But Effective IoT Device Security Controls

    Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices.

  • Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion

    The U.S. Cybersecurity and Infrastructure Security Agency stated, “The threat actor connected to the entity’s network via a Pulse Secure virtual private network appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA, and collected credentials.” CISA reported that they uncovered the threat actor during an incident response…

  • CISA Incident Response to SUPERNOVA Malware

    Original release date: April 22, 2021. CISA has released AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response to provide analysis of a compromise in an organization’s enterprise network by an advanced persistent threat actor. This report provides tactics, techniques, and procedures CISA observed during the incident response engagement. CISA encourages organizations to review AR21-112A for…

  • Cyber Security Best Practices

    Many organizations struggle to keep their IT infrastructure secure and organized. One simple security measure that we at DefendEdge strongly recommend to all our clients is to implement cyber security “best practices”; these are industry-standard measures that make your environment much harder to compromise by any potential bad actor. These best…

  • 4 Innovative Ways Cyberattackers Hunt for Security Bugs

    David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved “fixme” flags in developer support groups.

  • SonicWall Releases Patches for Email Security Products

    Original release date: April 21, 2021. CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, “In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’”…

  • Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

    CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.