HackDig : Dig high-quality web security articles for hackers

Cybercriminals want your cloud services accounts, CISA warns

On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at
Publish At:2021-01-14 18:42 | Read:82 | Comments:0 | Tags:Awareness bec brute force cisa cloud services IOCs mfa pass-

CISA Warns Organizations About Attacks on Cloud Services

In light of successful cyberattacks targeting organizations’ cloud services, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a series of recommendations on how businesses can improve their cloud security.The attacks observed by CISA exploit poor cyber hygiene practices within cloud services configurations, and the agency says t
Publish At:2021-01-14 14:59 | Read:133 | Comments:0 | Tags:NEWS & INDUSTRY Identity & Access Risk Management Cl

CISA Warns of Cloud Attacks Exploiting Poor Cyber-Hygiene

A US cybersecurity agency is urging organizations to improve their cyber-hygiene after warning of multiple successful attacks targeting cloud services used by remote workers.The Cybersecurity and Infrastructure Security Agency (CISA) revealed in a report yesterday that attackers are increasingly targeting corporate and personal laptops with phishing, br
Publish At:2021-01-14 10:02 | Read:71 | Comments:0 | Tags: Cloud exploit CISA cyber

CISA warns of recent successful cyberattacks against cloud service accounts

The US CISA revealed that several recent successful cyberattacks against various organizations’ cloud services.  The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited p
Publish At:2021-01-14 08:30 | Read:100 | Comments:0 | Tags:Breaking News Security CISA cloud service Hacking hacking ne

CISA: Hackers bypassed MFA to access cloud service accounts

The US Cybersecurity and Infrastructure Security Agency (CISA) said today that threat actors bypassed multi-factor authentication (MFA) authentication protocols to compromise cloud service accounts."CISA is aware of several recent successful cyberattacks against various organizations’ cloud services," the cybersecurity agency said on Wednesday."The cyb
Publish At:2021-01-13 21:07 | Read:90 | Comments:0 | Tags:Security Cloud CISA hack

SolarWinds hackers also used common hacker techniques, CISA revealed

CISA revealed that threat actors behind the SolarWinds hack also used password guessing and password spraying in its attacks. Cybersecurity and Infrastructure Security Agency (CISA) revealed that threat actors behind the SolarWinds supply chain attack also employed common hacker techniques to compromise the networks of the targeted organizations, includin
Publish At:2021-01-09 11:30 | Read:181 | Comments:0 | Tags:Breaking News Cyber warfare Hacking Security CISA informatio

SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

SolarWinds Hires New Cybersecurity Firm Founded by Former CISA Director Chris Krebs and Alex Stamos, Former Security Chief at Yahoo and FacebookFollowing a significant security incident that sent shockwaves through the global cybersecurity community, SolarWinds has hired a newly formed cybersecurity consulting firm founded by Chris Krebs, former director of
Publish At:2021-01-08 14:41 | Read:153 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response CISA CSO

FBI, CISA, ODNI and NSA blames Russia for SolarWinds hack

A joint statement issued by US security agencies confirmed that Russia was likely the origin of the SolarWinds supply chain attack. The US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack. On behalf of President Trump, the four agencies were part of the task force Cyber Unified C
Publish At:2021-01-05 21:42 | Read:158 | Comments:0 | Tags:Breaking News Hacking Intelligence CISA FBI hacking news inf

CISA demands US govt agencies to update SolarWinds Orion software

US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end of the year. The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its official guidance to order US federal agencies to update the SolarWinds Orion platforms by the end of the year. According to
Publish At:2020-12-30 17:30 | Read:222 | Comments:0 | Tags:Breaking News Hacking CISA hacking news information security

CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365

Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that can that helps administrators to detect anomalies and
Publish At:2020-12-29 10:18 | Read:181 | Comments:0 | Tags:Breaking News Hacking Security Azure CISA hacking news infor

CISA releases Azure, Microsoft 365 malicious activity detection tool

The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments.This comes after Microsoft disclosed how stolen credentials and access tokens are actively being used by threat actors to target Azure customers.Azure administ
Publish At:2020-12-28 15:07 | Read:251 | Comments:0 | Tags:Security CISA

CISA Issues ICS Advisory for New Vulnerabilities in Treck TCP/IP Stack

Security updates available for the Treck TCP/IP stack address two critical vulnerabilities leading to remote code execution or denial-of-service. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory to warn organizations using industrial control systems (ICS) about the risks posed by these flaws.A low-level TCP/IP software
Publish At:2020-12-22 13:11 | Read:254 | Comments:0 | Tags:NEWS & INDUSTRY SCADA / ICS Risk Management Vulnerabilit

NSA, CISA Warn of Attacks on Federated Authentication

While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.An attacker-modified update to the SolarWinds Orion network management product that compromised thousands of companies and government agencies is likely not the only way Russian attackers infiltrated networks, accord
Publish At:2020-12-21 17:38 | Read:170 | Comments:0 | Tags: CISA

FBI, CISA, ODNI Describe Response to SolarWinds Attack

The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have issued a joint statement outlining each of their roles in investigating and responding to the recently disclosed SolarWinds breach, which they described as a “significant and ongoing cybersecurity campaign.”The organ
Publish At:2020-12-17 16:11 | Read:280 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Incident Response Tr

Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk'

U.S. Agency Says SolarWinds Orion Supply Chain Compromise is Not the Only Initial Infection Vector Leveraged by APT Actor The U.S. government on Thursday added a new wrinkle to the global emergency response to the SolarWinds software supply chain attack, warning there are “additional initial access vectors” that have not yet been documented.As the incid
Publish At:2020-12-17 16:11 | Read:161 | Comments:0 | Tags:NEWS & INDUSTRY Incident Response CISA

Tools

Tag Cloud