Author: DEFENDEDGE

  • San Bernardino County Pays Over $1M in Ransomware Attack

    According to the San Bernardino Sun, San Bernardino County in California paid a ransom of $1.1 million to a hacker who had compromised the computer system of the county’s sheriff department. However, the county’s financial losses were partially mitigated by an insurance policy specifically designed to cover events of this nature, resulting in a payout… Read more

  • Enterprise Networks Under Attack by New Malware Toolkit ‘Decoy Dog’

    Cybersecurity researchers have discovered a new malware toolkit named Decoy Dog after analyzing over 70 billion DNS records. Decoy Dog is a sophisticated toolkit that uses techniques like domain aging, when a domain is registered but not used for some time, and DNS query dribbling to evade detection. While the malware’s usage in the wild… Read more

  • CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

    The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons pursuant to the Secure and Trusted Communications Networks Act… Read more

  • CISA Requests for Comment on Secure Software Self-Attestation Form

    CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Management and Budget (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal… Read more

  • CISA Releases One Industrial Control Systems Medical Advisory

    CISA released one Industrial Control Systems (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations: ICSMA-23-117-01 Illumina Universal Copy Service. Read more

  • BellaCiao Malware linked to APT Charming Kitten

    DefendEdge Cyber Threat Intelligence. Michael Spoloric, Analyst. The discovery of the BellaCiao malware has once again highlighted the persistent threat posed by state-sponsored hacking groups. Charming Kitten, the group believed to be behind the malware, has a history of targeting organizations and individuals in various regions of the world, including the United States, Europe, the Middle… Read more

  • CISA Releases Malware Analysis Report on ICONICSTEALER

    CISA has released a new Malware Analysis Report (MAR) on an infostealer known as ICONICSTEALER. This trojan has been identified as a variant of malware used in the supply chain attack against 3CX’s Desktop App. CISA recommends that users and administrators review the following resources for more information, and hunt for the listed indicators of compromise… Read more

  • CISA and Partners Release Cybersecurity Best Practices for Smart Cities

    Today, CISA, NSA, FBI, NCSC-UK, ACSC, CCCS and NCSC-NZ released a joint guide: Cybersecurity Best Practices for Smart Cities. Smart cities may create safer, more efficient, resilient communities through technological innovation and data-driven decision making. However, this opportunity also introduces potential vulnerabilities and weaknesses that—if exploited—could impact national security, economic security, public health and safety, and critical… Read more

  • CISA Adds One Known Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2017-6742, Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the… Read more

  • APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers

    APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context: The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) are releasing this joint advisory to provide details of tactics, techniques… Read more