Our news
-
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance. CISA also continues…
-
Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these…
-
Defending the Edge Podcast, Episode 21: Unveiling the Mask, The Many Faces of Hacking
Red hat, blue hat, grey hat, black hat: follow along as we dive into the world of hackers on episode 21 of the Defending the Edge Podcast with DefendEdge, set to be released tomorrow, August 6th. Uncover the different veils that make up ethical hackers, state-sponsored hackers, and the many other hats they wear. Topics…
-
Emerging Threat Review: Storm-0324 & Sangria Tempest
The newest set of tactics, techniques, and procedures (TTPs) from Storm-0324, otherwise known as DEV-0324, reveals their use of Microsoft Teams to deliver malware through phishing messages and attachments. With corporate networks within their reach, this new evolution raises concerns for companies utilizing Microsoft Teams for day-to-day communications. Analysis: A publicly available Python-based tool known as…
-
Vulnerability Summary for the Week of July 29, 2024
High Vulnerabilities (table columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info)
Apache Software Foundation — Apache SeaTunnel Web: Web Authentication vulnerability in Apache SeaTunnel. Since the JWT key is hardcoded in the application, an attacker can forge any token and log in as any user. An attacker can obtain the secret key from /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue…
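The hardcoded-key problem described above, as an added example that is not SeaTunnel's code and not taken from the advisory: a minimal HS256 JWT signer and verifier with a constructed key standing in for one shipped in a config file, the token an attacker mints once they have read that file, and a hardened variant that loads the key from the deployment environment and refuses to start on a missing, short, or default key. The key value, the function names and the JWT_SECRET_KEY variable are all assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed stand-in for a key committed to a config file. Anyone who can
# read the repository or the deployed artifact knows it. Hypothetical value.
HARDCODED_JWT_KEY = "example-hardcoded-key-do-not-use"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: str) -> str:
    """Minimal HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token: str, key: str) -> Optional[dict]:
    """Return the claims if the HMAC matches under `key`, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        given = b64url_decode(sig)
    except ValueError:
        return None
    expected = hmac.new(key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None
    return json.loads(b64url_decode(payload))


def forge_admin_token() -> str:
    """Attacker side: with the key from the config file, mint a token for any user."""
    return sign_jwt({"sub": "admin", "role": "admin"}, HARDCODED_JWT_KEY)


def vulnerable_server_accepts(token: str) -> bool:
    """Server verifying against the key that ships in source. The forged token passes."""
    claims = verify_jwt(token, HARDCODED_JWT_KEY)
    return claims is not None and claims.get("role") == "admin"


def load_jwt_key_from_environment(env: dict) -> str:
    """Hardened variant: the key comes from the environment (or a secret store),
    never from source, and startup fails on a missing, short, or default key."""
    key = env.get("JWT_SECRET_KEY", "")
    if len(key) < 32 or key == HARDCODED_JWT_KEY:
        raise RuntimeError("JWT_SECRET_KEY missing, too short, or equal to the shipped default")
    return key


def hardened_server_accepts(token: str, env: dict) -> bool:
    """Same check, but a token signed with the leaked default key is rejected."""
    claims = verify_jwt(token, load_jwt_key_from_environment(env))
    return claims is not None and claims.get("role") == "admin"


if __name__ == "__main__":
    forged = forge_admin_token()
    print("vulnerable server accepts forged token:", vulnerable_server_accepts(forged))
    env = {"JWT_SECRET_KEY": base64.b64encode(os.urandom(48)).decode()}  # per-deployment key
    print("hardened server accepts forged token:", hardened_server_accepts(forged, env))
```

The fix is not a stronger algorithm; the same HS256 verification is sound once the key is unique per deployment and absent from the source tree. Rotating the key after a leak invalidates every token minted with it.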
-
Understanding 2FA vs MFA: A Layered Approach to Cybersecurity
In today’s digital landscape, ensuring robust security measures is paramount. With the ever-increasing sophistication of cyber threats, businesses and individuals alike must adopt rigorous authentication protocols. Two primary methods that stand out are Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA). While they are often used interchangeably, understanding their nuances is crucial for implementing the most…
-
Vulnerability Summary for the Week of July 22, 2024
High Vulnerabilities (table columns: Primary Vendor — Product, Description, Published, CVSS Score, Source & Patch Info)
202ecommerce — paypal: In the module “PayPal Official” for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can confirm an order even if payment is finally declined by PayPal. A logical weakness during…
-
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Summary: The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF), U.S. Cybersecurity and Infrastructure Security Agency…
-
ISC Releases Security Advisories for BIND 9
The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary updates: CVE-2024-4076: Assertion failure…
-
Demystifying SQL Injection and Database Security
Structured Query Language, or SQL, is a programming language designed for creating, manipulating, and processing information stored in a relational database. Relational databases are made up of tables, where information is stored in rows and columns that represent data attributes and the relationships between them. These databases are ubiquitous; even though we, the users, may not interact…