A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users. DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may…

The information was collected when CISA investigated the hacking of a defense industrial base organization’s enterprise network between November 2021 and January 2022. The investigation, conducted in collaboration with a third-party incident response firm, revealed that multiple threat groups had compromised the victim’s network and some of them had access for at least one year….

A general-purpose document titled Open Radio Access Network Security Considerations, the guidance is based on current knowledge and recommended practices and should apply to a variety of industries. “Open RAN is the industry term for the evolution of traditional RAN architecture to open interoperable interfaces, virtualization, and big data and AI-enabled intelligence,” the document reads….

In a joint advisory this week, the three agencies warn that a threat actor tracked as ‘Vice Society’ has been “disproportionately targeting the education sector with ransomware attacks”. Ransomware attacks targeting the education sector, especially K-12, are not uncommon, and the US government agencies expect an increase in attacks as the 2022/2023 school year begins….

The National Institute of Standards and Technology (NIST) is expected to publish the standard in 2024, but CISA urges stakeholders to prepare in advance, citing potential risks from quantum computing to the entire critical infrastructure. Quantum computers use qubits, or ‘quantum bits’, to deliver higher computing power and speed in certain scenarios, including solving mathematical…

The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. An attacker can leverage the compromised credentials to access the victim’s emails, from where they could escalate their access within the targeted organization and obtain…

A lesser-known ransomware threat dubbed Maui has been hitting healthcare organizations and is likely to continue doing so, a new CISA alert warns. Maui is unusual in many ways: it does not show a ransom note, it does not rely upon external infrastructure to receive encryption keys, and it does not encrypt files and/or systems indiscriminately….

Courtesy of the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, the program will include a series of summer camps meant to introduce students aged 13 to 21 to key cybersecurity topics and help them develop skills that will allow them to pursue potential careers in the industry. The program…

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…