CISA Archives

‘The most common malware variants are almost 20 years old’

CISA and ACSC shared an overview of the 11 most common malware variants of 2021. Most variants have been active for years. The list includes ransomware, remote access trojans (RATs), banking trojans and information stealers. Most variants have been active for more than five years. Cybercriminal... Read more

13 days ago

CISA issues warning about VMware and F5 vulnerabilities

The threats could impact a large number of companies, the agency says. The U.S. Cybersecurity and Infrastructure Security Agency has issued alerts about five software vulnerabilities that likely affect a large number of organizations. Four of the vulnerabilities were found in VMware Inc. prod... Read more

3 months ago

New zero-day in Java Log4j is vulnerable to attacks

The newly discovered zero-day vulnerability allows attackers to gain complete control of organizational systems and servers. A new vulnerability has come forth in Java logging library Apache Log4j, allowing attackers to access servers. This recent weakness is coined as Zero-Day vulnerability, an... Read more

8 months ago

SAP: attackers only need 72 hours to turn patch into exploit

SAP warns its users to be quick about installing security patches. The company claims that attackers are able to reverse-engineer the patches at lightning speed, with the result that unpatched systems are extra vulnerable. This is the conclusion of a report drawn up by SAP together with security... Read more

1 year ago

FBI: Fortinet FortiOS vulnerabilities are actively exploited

US agencies warn that advanced persistent threat groups are exploiting Fortinet FortiOS vulnerabilities to compromise government and commercial organizations that use it. Last week, the FBI and the US Cybersecurity Infrastructure Security Agency (CISA) warned in a PDF that cybercriminals are scanni... Read more

1 year ago

DHS says SolarWinds hack was far more widespread than first thought

Agency confirms that 30% of the hack victims did not even use SolarWinds software. Investigators have revealed the recent cyber attack that penetrated government agencies and blue-chip businesses may be far greater than first realized. Cybersecurity firm Malwarebytes first reported last week ... Read more

2 years ago

Attackers behind SolarWinds hack managed to guess passwords

According to the American Cybersecurity and Infrastructure Security Agency (CISA), the attackers behind the SolarWinds hack also attempted to guess passwords. Some of these attempts were successful. In an update to its message about the SolarWinds hack, the CISA indicates that password guessing,... Read more