CISA Alert: Threats to Critical Infrastructure

On Tuesday, January 11, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA) focusing on Russian state-sponsored threats to U.S. critical infrastructure. While the advisory does not cite any specific incident or intelligence that prompted it, it does provide a list of vulnerabilities used in attacks on the “Defense Industrial Base as well as the Healthcare and Public Health, Energy, Telecommunications, and Government Facilities Sectors”, including:

  • CVE-2018-13379 FortiGate VPNs
  • CVE-2019-1653 Cisco router
  • CVE-2019-2725 Oracle WebLogic Server
  • CVE-2019-7609 Kibana
  • CVE-2019-9670 Zimbra software
  • CVE-2019-10149 Exim mail transfer agent (SMTP)
  • CVE-2019-11510 Pulse Secure
  • CVE-2019-19781 Citrix
  • CVE-2020-0688 Microsoft Exchange
  • CVE-2020-4006 VMware (note: this was a zero-day at the time)
  • CVE-2020-5902 F5 Big-IP
  • CVE-2020-14882 Oracle WebLogic
  • CVE-2021-26855 Microsoft Exchange

Analyst Notes

CISA puts out valuable information. It is highly recommended to subscribe to their alerts and tailor them to your and your organization’s interests. Along with general technical information, they include actionable guidance on detection, incident response, mitigation, and defensive posturing. In relation to this specific advisory, CISA, the FBI, and the NSA strongly urge network defenders to implement the recommended mitigations for each of the vulnerabilities listed above, as outlined in their report.
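One practical way to tailor an advisory like this one to your own environment is to pull the CVE identifiers out of the alert text and match them against your vulnerability scanner's findings, so the hosts needing the listed mitigations surface first. The script below is an added example written for this post, not CISA's or any vendor's tooling; the scanner export format (a CSV with `host`, `cve` and `severity` columns) and the host names are constructed assumptions.

```python
import csv
import io
import re
from collections import defaultdict

# The 13 CVEs named in the CISA/FBI/NSA joint advisory AA22-011A, as listed above.
ADVISORY_CVES = {
    "CVE-2018-13379", "CVE-2019-1653", "CVE-2019-2725", "CVE-2019-7609",
    "CVE-2019-9670", "CVE-2019-10149", "CVE-2019-11510", "CVE-2019-19781",
    "CVE-2020-0688", "CVE-2020-4006", "CVE-2020-5902", "CVE-2020-14882",
    "CVE-2021-26855",
}

# CVE IDs are "CVE-<year>-<4 or more digits>"; match case-insensitively so that
# pasted advisory text with odd casing still parses.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

def extract_cves(text):
    """Pull CVE identifiers out of free-form advisory text, normalised to upper case."""
    return {m.upper() for m in CVE_RE.findall(text)}

# Constructed sample scanner export (hypothetical hosts; CVE-2099-* IDs are placeholders
# standing in for findings that are NOT in the advisory).
SCAN_CSV = """host,cve,severity
vpn-01.example.internal,CVE-2018-13379,critical
vpn-01.example.internal,CVE-2099-0001,medium
mail-02.example.internal,CVE-2020-0688,high
mail-02.example.internal,CVE-2021-26855,critical
web-03.example.internal,CVE-2099-0002,critical
"""

def match_findings(scan_csv, advisory_cves):
    """Return {host: sorted list of advisory CVEs reported on that host}."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(scan_csv)):
        cve = row["cve"].strip().upper()
        if cve in advisory_cves:
            hits[row["host"]].add(cve)
    return {host: sorted(cves) for host, cves in hits.items()}

def prioritise(hits):
    """Order hosts by number of advisory CVEs present, most exposed first."""
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for host, cves in prioritise(match_findings(SCAN_CSV, ADVISORY_CVES)):
        print(f"{host}: {', '.join(cves)}")
```

Feeding the text of a future CISA alert to `extract_cves` instead of the hard-coded set lets the same matching run against each new advisory.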

https://www.cisa.gov/uscert/ncas/alerts/aa22-011a

https://www.ncsc.gov.uk/news/joint-advisory-further-ttps-associated-with-svr-cyber-actors