CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing
Continue ReadingMonth: October 2024
Predict D.C. and London: The Fight Against Ransomware Enters a New Phase
Having just wrapped up our D.C. and London Predict 2024 conferences, the Recorded Future team is incredibly excited about the future of cybersecurity. Over the span two days in both cities, Predict attendees heard from global
Continue ReadingCISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on October 31, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-305-01 Rockwell Automation FactoryTalk ThinManager ICSA-24-030-02 Mitsubishi Electric FA Engineering
Continue ReadingRockwell Automation FactoryTalk ThinManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ThinManager Vulnerabilities: Missing Authentication For Critical Function, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could
Continue ReadingISC Stormcast For Thursday, October 31st, 2024 https://isc.sans.edu/podcastdetail/9204, (Thu, Oct 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOctober 2024 Activity with Username chenzilong, (Thu, Oct 31st)
After reviewing the Top 10 Not So Common SSH Usernames and Passwords [1] published by Johannes 2 weeks ago, I noticed activity by one in his list that we don't really know what it is. Beginning
Continue ReadingScans for RDP Gateways, (Wed, Oct 30th)
RDP is one of the most prominent entry points into networks. Ransomware actors have taken down many large networks after initially entering via RDP. Credentials for RDP access are often traded by “initial access brokers". I
Continue ReadingFortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive
Continue ReadingISC Stormcast For Wednesday, October 30th, 2024 https://isc.sans.edu/podcastdetail/9202, (Wed, Oct 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingJCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure,
Continue Reading