CISA warns that its Chemical Security Assessment Tool (CSAT) was hacked in January. Hackers used a webshell on the Ivanti device, which may have exposed important security assessments and plans. In March, The Record revealed that CISA had a breach after the Ivanti device was exploited, leading to two systems …

LockBit claimed that it breached Federal Reserve Board (Federalreserve.gov), the central banking system of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” “The group announced to release the stolen data on 25 June, 2024 20:27:10 UTC.” According to the post by the LockBit ransomware …

Cyber attack compromised Indonesia’s national data center, causing trouble with immigration checks at airports. Attacker demanded an $8 million ransom, Reuters reported. The attack caused problems for government services, especially at airports, with long lines at immigration desks. The communications ministry said that automated passport machines are now working. Minister …

ESET Issued security patch for privilege escalation flaw in its Windows security products. This flaw, called CVE-2024-2003 (CVSS 7.3), was found by the Zero Day Initiative (ZDI). It could have let attackers gain access to important files and folders without permission. The vulnerability exploited ESET’s file operations while restoring quarantined …

A threat offer to sell a zero-day exploit for Atlassian’s Jira in a underground forum. This exploit can be used on the latest version of Jira desktop app and Jira integrated with Confluence.  According to the offer, It does not require any login credentials and can also work with Okta …

The US plans to ban the sale of Kaspersky antivirus software due to its alleged ties to the Kremlin. Gina Raimondo, the US Commerce Secretary, said that Moscow’s control over the company was a big threat to US infrastructure and services. She said that the US was compelled to take …

A group believed to be linked to China has hacked multiple telecom operators in an Asian country since 2021, according to the Symantec Threat Hunter Team. The attackers used tools linked to Chinese spying groups. They installed several backdoors on targeted companies’ networks to steal passwords. “The attacks have been …

Certified Information Systems Auditor (CISA) is a globally recognized professional certification for information systems audit, control, and security. It’s offered by ISACA (Information Systems Audit and Control Association). CISA holders demonstrate expertise in assessing an organization’s IT controls and processes to identify and manage risks. The CISA Review Manual, 28th …

DataDog Security Labs found a worrying campaign targeting Amazon Web Services (AWS), showing a new wave of harmful activity aimed at compromising important cloud resources. The attackers are using various methods, focusing on finding and possibly stealing data from AWS Secrets Manager, S3 buckets, and S3 Glacier vaults. Between May …

CISA and the FBI released guidance, Modern Approaches to Network Access Security, with support from other organizations including New Zealand’s GCSB, CERT-NZ, and the Canadian CCCS. Business owners of all sizes are encouraged to adopt stronger security solutions like Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge …