FBI and CISA Publish a PSA on Malicious Cyber Activity Against Election Infrastructure

/in ,

Original release date: October 5, 2022

The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:

  • Assesses malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or prevent voting.
  • Confirms “the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information.”

The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations for protecting against election-related cyber threats.

This product is provided subject to this Notification and this Privacy & Use policy.

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

/in ,

Original release date: October 4, 2022

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. ATP actors used the open-source toolkit, Impacket, to gain a foothold within the environment and data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.

Joint Cybersecurity Advisory AA22-277A provides the APT actors tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Five Industrial Control Systems Advisories

/in ,

Original release date: October 4, 2022

CISA has released five (5) Industrial Control Systems (ICS) advisories on October 04, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

•    ICSA-22-277-01 Johnson Controls Metasys ADX Server
•    ICSA-22-277-02 Hitachi Energy Modular Switchgear Monitoring
•    ICSA-22-277-03 Horner Automation Cscape
•    ICSA-22-277-04 Omron CX-Programmer
•    ICSMA-22-277-01 BD Totalys MultiProcessor

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

/in ,

Original release date: October 3, 2022

CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise.

Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so will ensure asset management and vulnerability detection practices that will strengthen their organization’s cyber resilience.

This product is provided subject to this Notification and this Privacy & Use policy.