Tag Archive for: federal

Federal Cyber Agency Offlines 2 Systems After Ivanti Hack

/in


After issuing a warning about Ivanti zero-day vulnerabilities, the federal Cybersecurity and Infrastructure Security Agency (CISA) has now suffered a pair of breaches because of the incident.

Hackers exploiting vulnerabilities in Ivanti products breached two CISA systems in February, according to Recorded Future. The agency said it immediately took those systems offline, and that no other systems were affected. A spokesperson said CISA saw “no operational impact at this time,” and “continue[s] to upgrade and modernize” its systems.

CISA has not disclosed which systems were impacted. However, Recorded Future reported that one was the Infrastructure Protection (IP) Gateway. Per CISA’s website, that gateway serves as the way that Department of Homeland Security partners access integrated IP tools, capabilities and information to conduct comprehensive critical infrastructure vulnerability assessments and other security-related business.


The other system was the Chemical Security Assessment Tool, a portal housing surveys and applications that chemical facilities must complete to help CISA assess the risks of terrorists weaponizing the chemicals they hold, as part of a lapsed federal program.

Randy Rose is senior director of security operations and intelligence at the Center for Internet Security. Stone said it was hard to imagine such an incident having an impact on local government, other than potentially making some online resources unavailable. Users of the systems who have a key contact at CISA should be able to reach out and learn about possible impacts, he said.

Lower-level governments, however, now face more risks in using Ivanti products. After the vulnerabilities were discovered, the Center for Internet Security scanned for it among lower governments, finding more than 100 devices.

The vulnerabilities are in products that have been widely used across the public and private sectors for providing secure remote connections, Rose said. This points to the importance of organizations adopting a layered approach to security and risk management, mitigating risk when one line of defense fails.

Local governments…

Source…

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

/in


Jan 20, 2024NewsroomNetwork Security / Threat Intelligence

CISA Issues Emergency Directive

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

The U.S. company acknowledged in an advisory that it has witnessed a “sharp increase in threat actor activity” starting on January 11, 2024, after the shortcomings were publicly disclosed.

Cybersecurity

“Successful exploitation of the vulnerabilities in these affected products allows a malicious threat actor to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems,” the agency said.

Ivanti, which is expected to release an update to address the flaws next week, has made available a temporary workaround through an XML file that can be imported into affected products to make necessary configuration changes.

CISA is urging organizations running ICS to apply the mitigation and run an External Integrity Checker Tool to identify signs of compromise, and if found, disconnect them from the networks and reset the device, followed by importing the XML file.

In addition, FCEB entities are urged to revoke and reissue any stored certificates, reset the admin enable password, store API keys, and reset the passwords of any local user defined on the gateway.

Cybersecurity firms Volexity and Mandiant have observed attacks weaponizing the twin flaws to deploy web shells and passive backdoors for persistent access to infected appliances. As many as 2,100 devices worldwide are estimated to have been compromised to date.

Cybersecurity

The initial attack wave identified in December 2023 has been attributed to a Chinese nation-state group that is being tracked as…

Source…

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets

/in


The Cybersecurity and Infrastructure Security Agency, or CISA, is issuing a new warning: your Google Chrome browser and Excel spreadsheets could be at risk of an attack. The agency identified two new exploits that could give hackers easy access to your computer.

Federal agencies have until January 23 to make sure they’re protected. Here are some ways to make sure you’re protected too.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets

Microsoft logo on keyboard (Kurt “CyberGuy” Knutsson)

Microsoft Excel’s new exploit

Hackers are targeting Microsoft Excel using a huge vulnerability in a library that reads Excel files. The bug is in a library called Spreadsheet::ParseExcel. It allows hackers to run malware remotely. Specifically, hackers can utilize a string in the library to run programs on your computer.

This exploit has popped up before. Security firm Barracuda noticed Chinese hackers using the exploit last month. They would create custom Excel attachments to exploit the bug and run any program they wanted to.

While Barracuda addressed this with a patch, they say open-source libraries could still be at risk. The company also issued a warning to anyone who uses Spreadsheet::ParseExcel, recommending they review the bug and take any necessary action.

Homeland Security warns federal agencies of hackers targeting Google Chrome, Excel spreadsheets

Google Chrome browser on laptop (Kurt “CyberGuy” Knutsson)

MORE: THE 7 SIGNS YOU’VE BEEN HACKED

Google Chrome’s bug

Google’s eighth day zero attack comes in the form of an attack on an open-source project. WebRTC allows web browsers and mobile applications to communicate in real-time. However, hackers are using it to overload your browser and either cause it to crash or give them permission to do whatever they want. This exploit doesn’t just affect Google Chrome. It also affects other open-source web browsers using WebRTC to communicate. Google issued an emergency fix just last month, but there’s more you can do to protect yourself.

Four essential tips to secure your devices and data from hackers and scammers 

To protect yourself from malicious hackers and scammers, we recommend you do the following four things.

1) Be cautious about using open-source…

Source…

Ransomware attack in US: Dozens of credit unions experience outrages due to cyberattack on Trellance, federal agency says

/in


About 60 credit unions in the United States are experiencing outages because of a ransomware attack on an IT provider the institutions use, according to a federal agency.

The video above is ABC13’s 24/7 livestream.

On Friday, the National Credit Union Administration (NCUA), the agency that insures deposits at federally insured credit unions, said in a statement to ABC News that it was “coordinating with affected credit unions” in the wake of the hack.

The full extent of the outage and its impact on credit unions was unclear Friday evening. One of the affected credit unions, New York-based Mountain Valley Federal Credit Union, told CNN that technicians from the hacked IT provider were “working around the clock to get our systems” back online.

According to NCUA spokesperson Joseph Adamoli, credit unions reported that the ransomware attack, in which cybercriminals typically lock computer systems as an extortion tactic, affected a unit of Trellance, a cloud computing firm provider used by credit unions.

NCUA told ABC News that the hack occurred through a third-party vendor, FedComp, using Trellance software, which was the source of the cyberattack.

Trellance did not immediately respond to a request for comment on Friday.

“Member deposits at affected federally insured credit unions are insured by the National Credit Union Share Insurance Fund up to $250,000,” NCUA said.

The Record, a cybersecurity news publication, reported earlier on the ransomware attack.

The incident is just the latest example of how ransomware attacks have caused havoc for U.S. critical infrastructure in recent years. Hospitals, fuel pipelines, and schools have also been disrupted by the file-locking cyberattacks, prompting the Biden administration to treat ransomware as a national security crisis.

CNN writer Sean Lyngaas contributed to this report.

Source…