CISA: CISA and Partners Urge Hardening Automatic Tank Gauge Systems

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Department of Energy DOE, the Environmental Protection Agency EPA, the Transportation Security Administration TSA, the Department of Transportation DOT, and th...

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control C2 channel. "'Fast flux' is a technique used to...

U.S. Agencies Warn of Iranian Hacking Group's Ongoing Ransomware Attacks

U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox...

CISA Joins ACSC-led Guidance on How to Use AI Systems Securely

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC on Engaging with Artificial Intelligencelink is external—joint guidance, led by ACSC, on how to use AI systems securely. The following organizations also collaborated with ACSC on the...

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday issued an emergency directive urging Federal Civilian Executive Branch FCEB agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure ICS and Ivanti Policy Secure IPS products...

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence AI systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, an...

Starting your journey to become quantum-safe

There’s no doubt we are living through a time of rapid technological change. Advances in ubiquitous computing and ambient intelligence transform nearly every aspect of work and life. As the world moves forward with new advancements and distributed technologies, so too does the need to understand...

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

A unified front against malicious cyber actors is climactic in the ever-evolving cybersecurity landscape. The joint Cybersecurity Advisory CSA, a collaboration between leading cybersecurity agencies from the United States, Canada, United Kingdom, Australia, and New Zealand, is a critical guide to...

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory CSA: United States: The Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Federal Bureau of Investigation FBI Australia: Australian Signals Directorate’s Australian Cyb...

Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches

Cybersecurity agencies in Australia and the U.S. have published a joint cybersecurity advisory warning against security flaws in web applications that could be exploited by malicious actors to orchestrate data breach incidents and steal confidential data. This includes a specific class of bugs...

Cybersecurity Agencies Sound Alarm on Rising TrueBot Malware Attacks

Cybersecurity agencies have warned about the emergence of new variants of the TrueBot malware. This enhanced threat is now targeting companies in the U.S. and Canada with the intention of extracting confidential data from infiltrated systems. These sophisticated attacks exploit a critical...

A week in security (June 20 – June 26)

Last week on Malwarebytes Labs: LinkedIn scams are a "significant threat", warns FBI DDoS-for-hire service provider jailed Internet Safety Month: 7 tips for staying safe online while on vacation Client-side Magecart attacks still around, but more covert Security vulnerabilities: 5 times that...

Top 30 Critical Security Vulnerabilities Most Exploited by Hackers

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors contin...

FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. "This work indicates that an Advanced Persistent Threat APT actor, likely Russian in origin, is responsible for most ...

Securing the International IoT Supply Chain

Together with Nate Kim former student and Trey Herr Atlantic Council Cyber Statecraft Initiative, I have written a paper on IoT supply chain security. The basic problem we try to solve is: how to you enforce IoT security regulations when most of the stuff is made in other countries? And our...

Threat Outbreak Alert RuleID20274: Email Messages Distributing Malicious Software on December 24, 2015

Medium Alert ID: 42861 First Published: 2015 December 24 16:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20274 may contain the following files: Name |...