Our news

  • North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

    Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency…

    READ MORE

  • ISC Releases Security Advisories for BIND 9

    The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  CVE-2024-4076: Assertion failure…

    READ MORE

  • Demystifying SQL Injection and Database Security 

    Structured Query Language or SQL is a programming language designed for creating, manipulating, and processing information stored in a relational database. These are made up of tables where information is stored and accessed using rows and columns to represent different data attributes and relationships. These databases are ubiquitous; even though we, the users, may not interact…

    READ MORE

  • Vulnerability Summary for the Week of July 15, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 1Panel-dev–1Panel  1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2024-07-18 10…

    READ MORE

  • Widespread IT Outage Due to CrowdStrike Update

    Note: CISA will update this Alert with more information as it becomes available. As of 1130am EDT July 19, 2024:  CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with Crowdstrike and federal, state, local, tribal and territorial (SLTT) partners,…

    READ MORE

  • Ivanti Releases Security Updates for Endpoint Manager

    Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Security Advisory EPM…

    READ MORE

  • Eldorado: The Golden City of Ransomware-as-a-Service (RaaS) 

    In today’s rapidly evolving technological landscape, new cybercriminal threats are emerging alongside innovations. A ransomware group named Eldorado recently surfaced and, within a few months, successfully breached 16 companies worldwide, including in the United States. This malware poses a threat to both Windows and Linux systems, demonstrating that anyone can be a victim. Eldorado is…

    READ MORE

  • Vulnerability Summary for the Week of July 8, 2024

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Bridge  Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…

    READ MORE

  • AT&T Discloses Breach of Customer Data

    On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers.     CISA encourages customers to review the following AT&T article for additional information and follow necessary guidance to help protect personal information.    AT&T: Unlawful access of customer data

    READ MORE

  • CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

    EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and…

    READ MORE