Author: DEFENDEDGE

  • Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

    Original release date: November 22, 2021 As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these… Read more

  • Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

    Original release date: November 19, 2021 The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The… Read more

  • NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

    Original release date: November 19, 2021 CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects… Read more

  • 6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

    Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. Read more

  • Russian TrickBot Gang Hacker Extradited to U.S. Charged with Cybercrime

    A Russian national, who was arrested in South Korea last month and extradited to the U.S. on October 20, appeared in a federal court in the state of Ohio on Thursday to face charges for his alleged role as a member of the infamous TrickBot group. Court documents showed that Vladimir Dunaev, 38, along with other… Read more

  • BYOD

    The current landscape has changed dramatically. Businesses have had to adapt to new challenges, one of these challenges is accommodating the current workforce. In the age of digital technology, more employees would rather use their own device, such as a laptop, tablet, or phone. Bring Your Own Device or BYOD for short, is a trend that… Read more

  • FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

    The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks. Read more

  • NCSC Releases 2021 Annual Review

    Original release date: November 18, 2021 The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats. The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA. Examples include: Joint Cybersecurity Advisory: Top Routinely Exploited Vulnerabilities Joint… Read more

  • Decoding the Data Ocean: Security Threat Context & Natural Language Processing

    REGISTER TODAY! Join security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights, as they discuss how non-experts can supercharge threat intelligence efforts in ways that were never before possible, with natural language processing. Read more

  • CISA Adds Four Known Exploited Vulnerabilities to Catalog

    Original release date: November 17, 2021 CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent… Read more