All posts tagged: CISA

CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding an emergency alarm. After confirming active exploitation of a previously patched vulnerability, CVE-2024-21182, the Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities (KEV) catalog. By making this designation, CISA has signaled that the vulnerability has moved from a potential risk to an active threat requiring immediate attention. According to Oracle, the vulnerability affects Oracle WebLogic servers running on two specific versions and allows any unauthenticated attacker to gain remote access through exposed T3 and IIOP protocols. Upon successfully exploiting this vulnerability, attackers can gain full access to all data accessible through the server. Although Oracle issued a patch for it in July 2024, several systems remain unpatched, creating an entry point for the recently observed exploitation of this flaw. CISA’s KEV listing places it among high-priority threats with urgent remediation requirements for all federal agencies, and as a broader call for the private sector to patch their vulnerable, unpatched servers. Unpacking the WebLogic …

CISA’s Reversal Extends Support for CVE Database

CISA’s Reversal Extends Support for CVE Database

Image: CROCOTHERY/Adobe Stock The nonprofit organization MITRE, which maintains the Common Vulnerabilities and Exposures (CVE) database, said on April 15 that the US government funding for its operations will expire without renewal; however, in a last-minute reversal announced the morning of April 16, CISA said it has extended support for the database. At the same time, CVE Board members have founded the CVE Foundation, a nonprofit not affiliated with the US federal government, to maintain the CVE program. The CVE program, which has been in place since 1999, is an essential way to report and track vulnerabilities. Many other cybersecurity resources, such as Microsoft’s Patch Tuesday update and report, refer to CVE numbers to identify flaws and fixes. Organizations called CVE Numbering Authorities are associated with MITRE and authorized to assign CVE numbers. “CVE underpins a huge chunk of vulnerability management, incident response, and critical infrastructure protection efforts,” wrote Casey Ellis, founder of crowdsourced cybersecurity hub Bugcrowd, in an email to TechRepublic. “A sudden interruption in services has the very real potential to bubble up …

FBI & CISA Urge Immediate Action

FBI & CISA Urge Immediate Action

Image: DC_Studio/Envato Elements Federal cybersecurity officials are raising red flags over a surge in attacks by the Medusa ransomware group. First detected in June 2021, the group has gained traction recently by using basic but effective methods — like phishing emails and exploiting outdated software — to break into systems and hold data hostage. In a joint advisory released last week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urged businesses and institutions to take immediate steps to protect their systems. The warning is part of the government’s ongoing #StopRansomware initiative. Must-read security coverage A growing ransomware-as-a-service business Originally a closed operation, Medusa has now adopted a ransomware-as-a-service (RaaS) model. This means the developers provide the ransomware software to partners, known as “Medusa actors,” who carry out the attacks. These affiliates are often recruited from online criminal forums and are sometimes paid bonuses to work exclusively for Medusa. “Potential payments between $100 USD and $1 million USD are offered to these affiliates with the opportunity to …

CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

CISA Adds Four Vulnerabilities to Catalog for Federal Enterprise

Welcome. Tell us a little bit about you. This will help us provide you with customized content. First Name Last Name Job Title Company Name Company Size Select a size 1 – 4 5 – 9 10 – 24 25 – 49 50 – 99 100 – 249 250 – 499 500 – 999 1000 – 4999 5000 – 9999 9999+ Industry Select an industry Advertising, Public Relations, and Marketing Aerospace and Aviation Agriculture and Livestock Automotive Banking, Accounting, and Financial Business Services Computer and Technology Education: Higher Education: K-12 Engineering and Construction Entertainment and Tourism Food and Beverage Government: Federal Government: Local Government: State Healthcare Services Insurance Legal Services Manufacturing Media and Publishing Non-Profit Organizations Oil, Gas, and Mining Pharmaceuticals, Medicinals, and Chemicals Real Estate Retail, Wholesale, and Distributors Telecommunication Transportation and Shipping Utilities Travel and Hospitality Other Loading Submit Disclaimer: We do not own any of the content, ideas, images, or text presented here. All rights belong to their respective owners. For more information and to view the original source, please visit the …

CISA, FBI Release Guidance for Improving Cybersecurity

CISA, FBI Release Guidance for Improving Cybersecurity

On Dec. 3, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and international partners issued guidance on strengthening systems against intrusions by threat actors targeting telecommunications. The guidance was notably informed by recent breaches affiliated with the Chinese government. The recommendations come weeks after the FBI and CISA identified that China-affiliated threat actors had “compromised networks at multiple telecommunications companies.” Initially, the breaches were believed to target specific individuals in government or political roles. However, on Dec. 3, the FBI clarified that these individuals may not have been the intended targets but were instead “swept up” in the operation. T-Mobile was allegedly one of the affected companies. “Threat actors affiliated with the People’s Republic of China (PRC) are targeting commercial telecommunications providers to compromise sensitive data and engage in cyber espionage,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division, said in a press release. “Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation.” SEE: Live: AWS re:Invent …

Software Makers Encouraged to Stop Using C/C++ by 2026

Software Makers Encouraged to Stop Using C/C++ by 2026

The federal government is encouraging software manufacturers to ditch C/C++ and take other actions that could “reduce customer risk,” according to the Product Security Best Practices report. In particular, CISA and the FBI set a deadline of Jan. 1, 2026, for compliance with memory safety guidelines. The report covers guidelines and recommendations rather than mandatory rules, particularly for software manufacturers who work on critical infrastructure or national critical functions. The agencies specifically highlighted on-premises software, cloud services, and software-as-a-service. While it isn’t directly stated that using ‘unsafe’ languages could disqualify manufacturers from government work, and the report is “non-binding,” the message is straightforward: Such practices are inappropriate for any work classified as relevant to national security. “By following the recommendations in this guidance, manufacturers will signal to customers that they are taking ownership of customer security outcomes, a key Secure by Design principle,” the report states. Memory-unsafe programming languages introduce potential flaws The report describes memory-unsafe languages as “dangerous and significantly elevates risk to national security.” Development in memory-unsafe languages is the first practice the …

Public Boards Seek a Balance Between Innovation and Risk

Public Boards Seek a Balance Between Innovation and Risk

Public boards are bullish on artificial intelligence and generative AI as new key levers for growth and are taking measures to seize opportunities while mitigating mounting risks, a new survey finds. Directors realize “the full potential of technology deployment requires enhanced risk management, security, and compliance measures to safeguard their organizations and stakeholders,” according to the 2024 BDO Board Survey of nearly 250 public company directors. Risk and innovation: a symbiotic relationship At the same time, they are exercising caution, noting that innovation presents both a significant opportunity and risk. Some 17% of directors indicated that “advancing the use of emerging technology is a top strategic priority, while lagging implementation of emerging technology (72%) is a top-cited risk,’’ according to the report. “Risk and innovation have a symbiotic relationship for directors, for whom the need to move quickly to keep pace with customer demand, competition, and stakeholder expectations must be finely balanced with robust risk management and oversight.” The report notes that failing to adequately invest in either of these areas can potentially harm the …

The CISA is launching a ransomware warning program

The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, is rolling out a program that warns organizations about potential ransomware attacks, CyberScoop reports. The program is currently running as a pilot and will be fully operational by the end of 2024. About 7,000 organizations have signed up for the pilot. So far, CISA has issued 2,049 warnings since the pilot was launched in January 2023. “The warning pilot is focused on reducing the prevalence of ransomware by using our vulnerability scanning tools to let businesses know if they have vulnerabilities that need to be patched,” CISA Director Jen Easterly told CyberScoop. To get alerts, organizations need to sign up for CISA’s cyber hygiene scanning tool. According to CISA’s FAQ page for the program, the tool “[e]valuates external network presence by executing continuous scans of public, static IPv4s for accessible services and vulnerabilities. This service provides weekly vulnerability reports and ad-hoc alerts.” Easterly added that CISA will also occasionally use its administrative subpoena power to identify the points of contact for …