Latest posts tagged with #CISAadvisory on Bluesky
CISA Warns of Actively Exploited SmarterMail Flaw Used in Ransomware Attacks

CISA includes a fresh SmarterMail weakness in its KEV list - this marks the third such addition linked to the messaging system within fourteen days. Identified as CVE-2026-24423, the security gap faces real-world abuse during ransom operations. Evidence points to sustained interest in compromising SmarterTools’ broadly adopted software suite.

Another entry joins a pair of prior SmarterMail flaws listed in the KEV database since January 26. One was tagged CVE-2025-52691 - marked by unchecked uploads of hazardous files. The second, assigned CVE-2026-23760, let attackers skip login checks entirely. Analysis came first from experts at watchTowr, who unpacked how each could be triggered. Once those specifics emerged, several security teams observed active attacks; the login flaw saw more frequent abuse. Although both were dissected publicly, it was the broken verification that drew wider misuse.

A security issue labeled CVE-2026-24423 arises because a key part of SmarterMail - the ConnectToHub API - lacks proper access checks. Versions before v100.0.9511 are exposed, letting outsiders run harmful code remotely. Instead of requiring login details, hackers exploit it by submitting a modified POST message. This leads to direct command control on the target machine through intentional input manipulation.

Separate findings came from teams at watchTowr, CODE WHITE GmbH, and VulnCheck. As noted by Cale Black of VulnCheck, the affected endpoint skips any login checks - opening a way to set up server directory links remotely. Because that setup pulls instructions directly from an outside machine under attacker influence, control is effectively handed over. Those instructions appear as support routines inside the system. Once SmarterMail reads them, they run unchecked on whatever platform hosts the software.

Starting at the ConnectToHub endpoint, the process handles a remote address sent via one particular parameter. Afterward, communication initiates from the SmarterMail server toward a machine controlled by the attacker. That system replies - not with ordinary data - but with settings containing command inputs meant to run. Provided minimal checks are satisfied, execution follows without further barriers. Control over the compromised environment expands widely under these conditions.

By February 26, 2026, U.S. federal civilian agencies must fix the vulnerability - this stems from ongoing attacks involving ransomware. Though only binding for federal bodies, its listing in CISA’s KEV catalog hints at wider exposure across any organization using affected SmarterMail versions. Not just government systems face potential harm; real-world misuse raises stakes beyond official mandates.

Right now, updating to the newest SmarterMail release is a top priority, according to analysts watching threats closely. Instead of waiting, teams managing large systems should examine log data - especially activity tied to the open ConnectToHub interface, since probes might show up as odd patterns in API traffic. What stands out is how quickly multiple flaws in SmarterMail entered official exploit databases, signaling that delays in patching could lead to real breaches. Because of this, those overseeing network access must act fast while rethinking how exposed their mail platforms really are.

CISA Warns of Actively Exploited SmarterMail Flaw Used in Ransomware Attacks #CISA #CISAadvisory #CISAKEVcatalog


CISA advisory warns of attacks on critical infrastructure (KRITIS)

@CheckPointSW #CISAAdvisory #Cyberangriff #Cybersecurity #CybersecurityandInfrastructureSecurityAgency #Cybersicherheit #KRITIS #kritischeInfrastruktur #Cyberwar

netzpalaver.de/2025/...

CISA Warns of Spyware Gangs Targeting Signal and WhatsApp Users

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about state-backed threat actors and cyber-mercenaries actively exploiting commercial spyware to compromise Signal and WhatsApp accounts belonging to high-value targets. The alert, published in late November 2025, reveals that attackers are bypassing encryption protocols through sophisticated social engineering, spoofed applications, and zero-click exploits rather than breaking the encryption itself.

Targeted victims

CISA identifies the primary targets as high-value individuals including current and former senior government officials, military personnel, political figures, and civil society organizations across the United States, Middle East, and Europe. Attackers establish initial access through spyware deployment, then use that foothold to deliver additional malicious payloads and expand their control over compromised devices.

Modus operandi

The campaigns employ multiple sophisticated techniques to sidestep encryption protections. Russia-aligned groups including Sandworm and Turla exploited Signal's linked devices feature by tricking victims into scanning malicious QR codes, allowing attackers to quietly add their own devices to accounts and intercept messages in real time. Palo Alto Networks' Unit 42 uncovered the LANDFALL spyware campaign targeting Samsung Galaxy devices through a zero-click WhatsApp exploit that required only sending a malicious image to compromise the device upon receipt. Additional campaigns relied on app impersonation tactics, with ProSpy and ToSpy masquerading as legitimate applications like Signal and TikTok to harvest chat data, recordings, and files. Zimperium researchers identified ClayRat, an Android spyware family distributed across Russia through counterfeit Telegram channels and phishing sites impersonating WhatsApp, TikTok, and YouTube.

Policy implications

The alert arrives during increased scrutiny of commercial spyware vendors. The US government recently prohibited NSO Group from targeting WhatsApp users with Pegasus spyware, and the House of Representatives banned WhatsApp from staff devices earlier in 2025 due to security concerns. CISA's warning underscores a critical reality: attackers are not breaking encryption algorithms but instead exploiting vulnerabilities in the underlying devices and application features that encrypted messengers rely upon.

CISA Warns of Spyware Gangs Targeting Signal and WhatsApp Users #CISAadvisory #MobileSecurity #Spyware

CISA Urges Immediate Patching of Critical SysAid Vulnerabilities Amid Active Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about two high-risk vulnerabilities in SysAid’s IT service management (ITSM) platform that are being actively exploited by attackers. These security flaws, identified as CVE-2025-2775 and CVE-2025-2776, can enable unauthorized actors to hijack administrator accounts without requiring credentials.

Discovered in December 2024 by researchers at watchTowr Labs, the two vulnerabilities stem from XML External Entity (XXE) injection issues. SysAid addressed these weaknesses in March 2025 through version 24.4.60 of its On-Premises software. However, the urgency escalated when proof-of-concept code demonstrating how to exploit the flaws was published just a month later, highlighting how easily bad actors could access sensitive files on affected systems.

Although CISA has not provided technical specifics about the ongoing attacks, it added the vulnerabilities to its Known Exploited Vulnerabilities Catalog. Under Binding Operational Directive 22-01, all Federal Civilian Executive Branch (FCEB) agencies are required to patch their systems by August 12. CISA also strongly recommends that organizations in the private sector act swiftly to apply the necessary updates, regardless of the directive’s federal scope.

“These vulnerabilities are commonly exploited by malicious cyber actors and present serious threats to government systems,” CISA stated in its warning. SysAid’s On-Prem solution is deployed on an organization’s internal infrastructure, allowing IT departments to manage help desk tickets, assets, and other services. According to monitoring from Shadowserver, several dozen SysAid installations remain accessible online, particularly in North America and Europe, potentially increasing exposure to these attacks.

Although CISA has not linked these specific flaws to ransomware campaigns, the SysAid platform was previously exploited in 2023 by the FIN11 cybercrime group, which used another vulnerability (CVE-2023-47246) to distribute Clop ransomware in zero-day attacks. Responding to the alert, SysAid reaffirmed its commitment to cybersecurity. “We’ve taken swift action to resolve these vulnerabilities through security patches and shared the relevant information with CISA,” a company spokesperson said. “We urge all customers to ensure their systems are fully up to date.”

SysAid serves a global clientele of over 5,000 organizations and 10 million users across 140 countries. Its user base spans from startups to major enterprises, including recognized brands like Coca-Cola, IKEA, Honda, Xerox, Michelin, and Motorola.

CISA Urges Immediate Patching of Critical SysAid Vulnerabilities Amid Active Exploits #CISA #CISAadvisory #CVE

CISA Warns of Renewed Exploits Targeting TP-Link Routers with Critical Flaws

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised fresh concerns about several outdated TP-Link router models that are being actively exploited by cybercriminals. Despite the flaw being identified years ago, it has re-emerged in recent attack campaigns, prompting its addition to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

The security issue is a command injection vulnerability with a high severity rating of 8.8. It impacts three specific models: TP-Link TL-WR940N, TL-WR841N, and TL-WR740N. The flaw exists within the routers’ web-based management interface, where improperly validated input allows hackers to execute unauthorized commands directly on the devices. This makes it possible for attackers to gain control of the routers remotely if remote access is enabled, or locally if they’re on the same network.

Although this vulnerability has been publicly known for years, recent activity suggests that malicious actors are targeting these devices once again. According to cybersecurity researchers, the attack surface remains significant because these routers are still in use across many households and small offices.

CISA has mandated that all federal agencies remove the affected router models from their networks by July 7, 2025. It also strongly recommends that other organizations and individuals replace the devices to avoid potential exploitation.

The affected routers are particularly vulnerable because they are no longer supported by the manufacturer. The TL-WR940N last received a firmware update in 2016, the TL-WR841N in 2015, and the TL-WR740N has gone without updates for over 15 years. As these devices have reached end-of-life status, no further security patches will be provided. Users are urged to upgrade to newer routers that are regularly updated by manufacturers.

Modern Wi-Fi routers often include enhanced performance, support for more devices, and built-in security protections. Some brands even offer network-wide security features to safeguard connected devices against malware and intrusion attempts. Additionally, using antivirus software with extra security tools, such as VPNs and threat detection, can further protect against online threats.

Outdated routers not only put your personal information at risk but also slow down internet speed and struggle to manage today’s connected home environments. Replacing obsolete hardware is an important step in defending your digital life.

Ensuring you’re using a router that receives timely security updates, combined with good cybersecurity habits, can significantly reduce your exposure to cyberattacks.

CISA’s warning is a clear signal that relying on aging technology leaves both individuals and organizations vulnerable to renewed threats.

CISA Warns of Renewed Exploits Targeting TP-Link Routers with Critical Flaws #CISA #CISAadvisory #CISAwarning

Medusa Ransomware Attacks: CISA, FBI, and MS-ISAC Issue #StopRansomware Advisory

The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has issued a #StopRansomware advisory, warning organizations about the increasing threat of…

Medusa Ransomware Attacks: CISA, FBI, and MS-ISAC Issue #StopRansomware Advisory #CISAampFBI #CISAadvisory #CyberAttacks
