CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute Serial Shutdown ICSA-25-010-02 Schneider Electric Harmony
Continue ReadingBlog
CISA Releases the Cybersecurity Performance Goals Adoption Report
Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals (CPGs) benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are voluntary practices that critical
Continue ReadingISC Stormcast For Friday, January 10th, 2025 https://isc.sans.edu/podcastdetail/9274, (Fri, Jan 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWindows Defender Chrome Extension Detection, (Fri, Jan 10th)
With the recent Cyberhaven Extension(2) attack, looking for specific Chrome extensions installed can be very helpful. If you are running Defender with enhanced vulnerability management, Defender automatically catalogs installed extensions by going to Vulnerability Management ->
Continue ReadingRedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats
Summary:Between July 2023 and December 2024, Insikt Group observed the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia with an adapted infection chain to distribute its customized PlugX backdoor. The group used lure
Continue ReadingISC Stormcast For Thursday, January 9th, 2025 https://isc.sans.edu/podcastdetail/9272, (Thu, Jan 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingExamining Redtail Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics [Guest Diary], (Thu, Jan 9th)
[This is a Guest Diary by Cody Hales, an ISC intern as part of the SANS.edu BACS program] Introduction From August to November 2024, my honeypot has captured a wide array of malicious content. In this
Continue ReadingIvanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system.CISA has added CVE-2025-0282 to
Continue ReadingCISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant
Continue ReadingIvanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add
Continue Reading