Items tagged with cisa
One of the top U.S. fuel pipeline operators had to shutter its network this weekend due to a nasty ransomware attack. This effectively shut down approximately half of the East Coast’s fuel for both air and ground transportation. Though home heating oil prices are not expected to increase as a result, this does raise concerns about how vulnerable U.S. critical infrastructure is after seeing how disruptive this attack was. Colonial Pipeline is one of the largest pipeline operators in the United States, with over 5,500 miles of pipe delivering 100 million gallons of fuel across 14 different states and directly serving seven airports. The network, which you can see below, spans from New...
Read more...
Though Microsoft Exchange servers are quickly being patched, hackers have been ramping up their efforts to take advantage of the situation while they still can. As such, the United States Cybersecurity and Infrastructure Security Agency (CISA), a division of Homeland Security, has hardened its requirements for government agencies in hopes of thwarting future attacks. "Given the powerful privileges that Exchange manages by default and the amount of potentially sensitive information that is stored in Exchange servers operated and hosted by (or on behalf of) federal agencies, Exchange servers are a primary target for adversary activity," CISA says. CISA notes its partners have observed active exploitation...
Read more...
Nuclear bombs and electromagnetic pulses are heard about in pop culture, but is it a real threat in the modern era? A U.S Air Force base in Texas seems to think there is at least some risk and is surveying a facility to find anything vulnerable to EMP attacks. Officials at Joint Base San Antonio in Lackland, Texas, recently issued a bid request to survey a facility called the Petroleum, Oil, and Lubrication Complex. This survey would help identify any electronics or other equipment that could be vulnerable to an EMP before a further investigation occurs. Following both the survey and deeper investigation, the Air Force would look into protecting the equipment should an EMP attack occur....
Read more...
We reported yesterday that Microsoft patched four zero-day vulnerabilities affecting Microsoft Exchange servers. As it turns out, Chinese hackers exploited these vulnerabilities in the wild and seemingly managed to ensnare the U.S. Government. The Department of Homeland Security has now published an emergency directive instructing any government agency with Microsoft Exchange servers on-premises to patch immediately. According to Microsoft, “a group assessed to be state-sponsored and operating out of China” gained access to email as well as installed persistent malware through Exchange server vulnerabilities. It is believed that the hackers primarily targeted “entities...
Read more...
Earlier this month, the National Security Agency (NSA) issued a warning to Windows users -- especially businesses running older versions of Windows -- to patch their systems against the BlueKeep wormable exploit. At the time, the NSA wrote, "NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems." Now the Cybersecurity and Infrastructure Security Agency (CISA) – the cybersecurity wing of the Department of Homeland Security -- is issuing its own warning about BlueKeep and the danger it poses to unpatched Windows systems. As we've previously...
Read more...
