Current Active Threats


Former DHS Official Charged with Stealing Govt Employees' PII Date: 2022-01-19
A former Department of Homeland Security acting inspector general pleaded guilty today to stealing confidential and proprietary software and sensitive databases from the US government containing employees' personal identifying information (PII). 61-year-old Charles Kumar Edwards coordinated the scheme while working for DHS-OIG (Department of Homeland Security, Office of Inspector General) as an employee and acting IG between February 2008 and December 2013.
Contact Us For Full Threat Report, Analyst Comments & Mitigation Steps

FCC Wants New Data Breach Reporting Rules for Telecom Carriers Date: 2022-01-14
The Federal Communications Commission (FCC) has proposed more rigorous data breach reporting requirements for telecom carriers in response to breaches that recently hit the telecommunications industry. On Wednesday, Chairwoman Jessica Rosenworcel shared the proposal in the form of a Notice of Proposed Rulemaking (NPRM), the first step in changing the FCC's rules for alerting federal agencies and customers of data breaches.

A 'Massive' Hacking Attack Has Hit Government Websites in Ukraine Date: 2022-01-14
A 'massive' cyberattack has taken down several government websites in Ukraine, including the Ukrainian Foreign Ministry and the Ministry of Education and Science. The cyberattack occurred overnight on Thursday and Friday morning, and it took down more than a dozen official websites, disrupting government work and raising questions about whether Russia was signaling that a new offensive against Ukraine was getting underway. A statement by Ukrainian police says cyber attackers left "provocative messages" on the main pages of government websites, which have been taken offline – but no personal data has been altered or stolen.

Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM Date: 2022-01-14
Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available Date: 2022-01-14
The privilege escalation flaw was discovered by Sentinel LABS researcher Antonio Cocomazzi together with independent researcher Andrea Pierini. They named it RemotePotato0 and disclosed it in April last year. An unofficial patch has now been released for the vulnerability, which affects all versions of Windows, after Microsoft tagged its status as "won't fix". The flaw is located in the Windows RPC protocol. If successfully exploited, threat actors could perform an NTLM relay attack that gives them domain admin privileges.

US Links MuddyWater Hacking Group to Iranian Intelligence Agency Date: 2022-01-14
US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to Iran's Ministry of Intelligence and Security (MOIS). MOIS is the Iranian government's leading intelligence agency, tasked with coordinating the country's intelligence and counterintelligence, as well as covert actions supporting the Islamic regime's goals beyond Iran's borders.

KCodes NetUSB Flaw Impacts Millions of SOHO Routers Date: 2022-01-14
Cybersecurity researchers from SentinelOne have discovered a critical vulnerability (CVE-2021-45608) in the KCodes NetUSB component that is present in millions of end-user routers from different vendors, including Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.

Jail’s Inability to Deal With Cyberattack Could Violate the Constitutional Rights of Inmates Date: 2022-01-14
A prison in New Mexico had an unplanned lockdown due to a ransomware attack. As reported by Source NM, the Metropolitan Detention Center in Bernalillo County, New Mexico, went into lockdown on January 5, 2022, after cyberattackers infiltrated Bernalillo County systems and deployed malware. Inmates were made to stay in their cells as the ransomware outbreak reportedly not only knocked out the establishment's internet but also locked staff out of data management servers and security camera networks.

Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking Date: 2022-01-14
Microsoft Windows systems going back to at least Windows Server 2012 R2 are affected by a vulnerability in the Remote Desktop Services protocol that gives attackers, connected to a remote system via RDP, a way to gain file system access on the machines of other connected users. Threat actors that exploit the flaw can view and modify clipboard data or impersonate the identities of other users logged in to the machine in order to escalate privileges or to move laterally on the network, researchers from CyberArk discovered recently. They reported the issue to Microsoft, which issued a patch for the flaw (CVE-2022-21893) in its security update for January this Tuesday.

First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability Date: 2022-01-12
Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-days publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP).

KCodes NetUSB Kernel Remote Code Execution Flaw Impacts Millions of Devices Date: 2022-01-11
A high-impact vulnerability allowing remote code execution to take place has impacted millions of end-user router devices. On Tuesday, SentinelOne published an analysis of the bug, tracked as CVE-2021-45388 and deemed critical by the research team. The vulnerability impacts the KCodes NetUSB kernel module. KCodes solutions are licensed by numerous hardware vendors to provide USB over IP functionality in products including routers, printers, and flash storage devices.

Extortion DDoS Attacks Grow Stronger And More Common Date: 2022-01-11
In the fourth quarter of last year, about a quarter of Cloudflare's customers that were the target of a DDoS attack said that they received a ransom note from the perpetrator. A large portion of these attacks occurred in December 2021, when almost a third of Cloudflare customers reported receiving a ransom letter. Compared with the previous month, the number of reported DDoS ransom attacks doubled, Cloudflare says in a blog post today.

Four Million Outdated log4j Downloads Were Served from Apache Maven Central Date: 2022-01-11
There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks.

Extortion DDoS Attacks Grow Stronger and More Common Date: 2022-01-11
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.

Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure Date: 2022-01-11
CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting, as outlined in the Detection section. Additionally, CISA, the FBI, and NSA strongly urge network defenders to implement the recommendations listed below and detailed in the Mitigations section. These mitigations will help organizations improve their functional resilience by reducing the risk of compromise or severe business degradation.

If Hackers Are Exploiting the log4j Flaw, CISA Says We Might Not Know Yet Date: 2022-01-11
Federal officials cautioned Monday that, while the widespread Log4j vulnerability hasn’t led to any major known intrusions in the U.S., there could be a “lag” between when the flaw became known, and when attackers exploit it. Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that there were months between the discovery of the vulnerability that led to the 2017 Equifax breach, which exposed the personal information of nearly 150 million Americans, and word of the breach itself, invoking one of the most notable hacks in history.

US NCSC and DoS Share Best Practices Against Surveillance Tools Date: 2022-01-10
The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools. In the last few years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.

SonicWall Email Security and Firewall Products Impacted by the Y2K22 Vulnerability Date: 2022-01-10
Last week, Internet appliances provider SonicWall revealed that the Y2K22 weakness has affected several of its email security and firewall products, leading to message log updates and junk box malfunctions starting January 1st, 2022. Although SonicWall didn’t give any details on what is causing the Y2K22 vulnerability in its security solutions, the tech company is not the only one dealing with this problem.

Contact LACyber

LACyber's main office is located at 155 Great Arrow, Buffalo, New York. Our main office phone number is (716) 871-7040.

Location:

155 Great Arrow, Buffalo, NY 14207

Call:

+1 716 871-7040
