The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to urgently hunt for and eradicate a persistent “Firestarter” backdoor affecting Cisco Firepower and Secure Firewall devices in an active cyberespionage campaign.
Category: Enterprise
Are Your Systems Patched Against Storm-1175 Attacks?
Image source: Antony McAulay, Shutterstock The threat actor is exploiting more than 17 flaws in high-velocity campaigns to distribute Medusa ransomware, according to Microsoft. A financially motivated threat actor whom Microsoft is…
NSA, CISA, Others Warn About Fast Flux Threat: Here’s Why
Image source: Shutterstock Enterprise organizations, ISPs and security services providers are not adequately prepared to protect against attacks that leverage the technique, authoring agencies say. The NSA, CISA, and international partners have…
Max Severity Bug Affects MITRE Caldera Adversary Emulation Platform
Image source: MITRE Caldera Users should patch immediately to mitigate risk, Caldera security team says. MITRE’s Caldera team has patched a maximum severity remote code execution bug in the adversary emulation platform…
Mandiant Updates Guidance for Protecting Against Ivanti Vulnerabilities
Image source: Shutterstock Following its disclosure of two new zero-days Jan 31, Ivanti too has updated its mitigation file. Customers who applied previous mitigation would need re-apply it to address new flaws….
CVE-2024-0204 in GoAnywhere MFT is a Ticking Time Bomb
Image source: Shutterstock More than 96% of GoAnywhere MFT assets that security vendor Tenable observed on Jan 23 were vulnerable. Mass attacks could soon begin against a critical authentication bypass flaw in…
LockBit Ransomware Operators Targeting CitrixBleed in Coordinated Attacks
Image source: Shutterstock China’s ICBC, Boeing, Australian logistics giant DP World, major law firm among known victims so far; More than 5,000 organizations worldwide remain unpatched and vulnerable to CVE-2023-4966 Multiple LockBit…
Here are the 4 Main Requirements of the New White House Executive Order on AI Safety
Image source: Shutterstock The EO calls for the creation of new standards and guidance to ensure safe use of AI especially in critical infrastructure sectors. The Biden-Harris Administration Monday issued an Executive…
These 5 Security Practices Can Help Protect Against 99% of Attacks: Do you Have Them?
Image source: Shutterstock Microsoft says telemetry from its Defender for Endpoint, Cloud Apps, Identity, Office 365 and other sources shows organizations can protect against almost all attacks with a few fundamental security…
Here’s What You Need to Know About the Severe “Looney TUNABLES” Vuln in Multiple Linux Distros
Image source: Shutterstock CVE-2023-4911 is a local privilege escalation flaw that gives attackers a way to gain root access on versions of Debian, Fedora, Ubuntu and other Linux distributions using the glibc…