Collaborate Disseminate
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) … Continue reading Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will host a call with critical infrastructure stakeholders Monday afternoon about a critical vulnerability affecting products with the Log4j software library, according to a statement. CISA sent out an alert Friday that the agency had added the flaw to its list of exploited vulnerabilities, and urged federal and civilian organizations to patch and take steps to mitigate harm immediately. Log4j is a widely-used open-source logging tool popular in numerous cloud and enterprise apps including Minecraft, Apple Cloud, Cloudflare and Twitter, making the extent of the zero-day’s potential damage likely wide-reaching. “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library,” CISA director Jen Easterly said in a statement. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.” Cybersecurity researchers noted over the weekend that […]
The post CISA to brief critical infrastructure companies about urgent new Log4j vulnerability appeared first on CyberScoop.
By teaming up with Kasada, GreyNoise Intelligence will be able to provide users with an improved understanding of their security environment and more accurate information about which potential threats demand their attention. Kasada detects malicious au… Continue reading Kasada partners with GreyNoise Intelligence to provide potential threats prioritization
In mid-April, an obscure agency housed under the Department of Defense issued a bulletin that a little-known, Chinese-linked hacking group is likely responsible for some suspicious activity aimed at defense contractors in the U.S. But how the Defense Counterintelligence and Security Agency (DCSA) came to that conclusion is complicated. The alert, sent to 38 contractors, says DCSA detected the group was making “inbound and outbound connections” with contractors’ facilities as of Feb. 1. The targeting, which appeared to have stopped by March 25, was directed at several critical infrastructure sectors, including aerospace, health care and maritime, according to a copy of the bulletin obtained by CyberScoop. A DCSA official tells CyberScoop the document was meant to raise awareness among the contractors, but numerous sources tell CyberScoop that it is more confusing than clarifying. The bulletin, which was first reported by Politico, has raised questions about the attributed hacking group and if the actions described […]
The post A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts appeared first on CyberScoop.
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable unauthenticated remote code execution flaw in Remote Desktop Services (RDP). The vulnera… Continue reading BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
The last several days have seen a surge in internet traffic mimicking the IP addresses of big U.S. banks in a possible effort to disrupt the cybersecurity personnel and products that help protect them, according to GreyNoise Intelligence, a company that maps internet traffic. Bank of America, JPMorgan Chase, and SunTrust are among the banks whose IP addresses are being spoofed to seem like they are conducting broad scans of the internet, GreyNoise said. That large-scale scanning is duping people into thinking that the IP addresses are malicious, GreyNoise founder Andrew Morris told CyberScoop. “There are a lot of people around the internet who are definitely convinced that these are bad IPs,” he said. Threat intelligence teams in the U.S. financial sector are looking into the issue, sources told CyberScoop. Morris said the volume of traffic is too low to be a distributed denial-of-service attack. Instead, he suggested, a bad […]
The post Someone is spoofing big bank IP addresses – possibly to embarrass security vendors appeared first on CyberScoop.
Continue reading Someone is spoofing big bank IP addresses – possibly to embarrass security vendors
The internet is a bustling place, with hackers constantly firing exploits against whoever they can. Cybersecurity firm GreyNoise is trying to filter out some of that noise. Continue reading This Cybersecurity Firm Listens to the Background ‘Noise’ of the Internet