CISA Alert (AA21-209A): Top Routinely Exploited Vulnerabilities
This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).
This advisory provides details on the top 30 vulnerabilities—primarily Common Vulnerabilities and Exposures (CVEs)—routinely exploited by malicious cyber actors in 2020 and those being widely exploited thus far in 2021.
Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies.
(Source: CISA)
MDBR stops ransomware, phishing, malware, and more
U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, schools, and hospitals are becoming increasingly reliant on technology. The Center for Internet Security's (CIS's) Malicious Domain Blocking and Reporting (MDBR) service has been protecting these entities from being targets of ransomware, malware, and phishing attacks. One year since its inception in July 2020, MDBR has blocked more than 1.5 billion requests to known bad web domains for public sector organizations.
Adoption of this service continues to grow because it can be implemented in 15 minutes or less and requires virtually no maintenance, as CIS and Akamai fully maintain the required systems.
Existing MS- and EI-ISAC members can sign up for no-cost MDBR by registering here. If your organization isn’t yet an MS-ISAC or EI-ISAC member, you’ll be asked to join first.
(Source: Center for Internet Security)
DHS announces new cybersecurity requirements for critical pipeline owners and operators
On July 20, in response to the ongoing cybersecurity threat to pipeline systems, the Department of Homeland Security’s (DHS’) Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions.
This Security Directive requires owners and operators of TSA-designated critical pipelines to implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems, develop and implement a cybersecurity contingency and recovery plan, and conduct a cybersecurity architecture design review.
This is the second Security Directive that TSA has issued to the pipeline sector this year, building upon an initial Security Directive that TSA issued in May 2021 following the ransomware attack on a major petroleum pipeline.
(Source: DHS)
Google is using machine learning to stop DDoS attacks
Google has revealed a preview of a new machine-learning program from Cloud Armor called Adaptive Protection. The machine-learning-powered tool detects and protects enterprise applications from distributed denial-of-service (DDoS) attacks. The same technology has been implemented in Project Shield, a free service offered by Google that aims to protect human rights, government, and media organizations against harmful DDoS attacks. In the past, Google has been effective in blocking huge DDoS attacks, including one in 2017 that measured 2.56 Tbps. Google eventually traced the attack back to a Beijing-backed attacker.
The new project was announced in November as part of its DDoS defense and web application firewall service that allows Google customers to use the same technology the company uses to protect itself.
The public preview allows Google Cloud customers to test out the functionality of the product.
(Source: OODA Loop)
Kaseya obtains universal decryptor key for recent REvil ransomware attacks
Hit by a severe cyberattack earlier this month, IT enterprise firm Kaseya said on Thursday, July 22, that it obtained a universal decryptor key for recent victims of the REvil ransomware. The Kaseya Senior Vice President of corporate marketing said the company obtained the key on Wednesday and that it does work. The Senior Vice President wouldn't reveal any details as to how or where it was obtained other than to say that it came from a trusted third party.
The company said it was working to help victims affected by the ransomware attack and that customers impacted by the incident would be contacted by Kaseya representatives.
(Source: Tech Republic)