CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them.
BMCs are trusted components designed into a computer’s hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. Hardened credentials, firmware updates, and network segmentation options are often overlooked, leading to a vulnerable BMC. A vulnerable BMC broadens the attack vector by providing malicious actors the opportunity to employ tactics such as establishing a beachhead with pre-boot execution potential.
CISA and NSA encourage all organizations managing servers to apply the recommended actions in this CSI.
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
Experience Manager APSB23-31
Commerce APSB23-35
Animate APSB23-36
Substance 3D Designer APSB23-39
CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit
Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is a comprehensive resource detailing the observed common vulnerabilities and exposures (CVEs) exploited, as well as the tools, and tactics, techniques, and procedures (TTPs) used by LockBit affiliates. Additionally, it includes recommended mitigations to help reduce the likelihood and impact of future ransomware incidents.
In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. The LockBit Ransomware-as-a-Service (RaaS) attracts affiliates to use LockBit for conducting ransomware attacks, resulting in a large web of unconnected threat actors conducting wildly varying attacks. Affiliates have attacked organizations of various sizes across an array of critical infrastructure sectors including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit has been successful through its innovation and continual development of the group’s administrative panel (i.e., a simplified, point-and-click interface making ransomware deployment accessible to those with lower degrees of technical skill), affiliate supporting functions, and constant revision of TTPs.
CISA and the authoring agencies of this joint CSA encourage the implementation of recommendations provided to proactively improve their organization’s defenses against this global ransomware operation, and to reduce the likelihood and impact of future ransomware incidents.
Understanding Ransomware Threat Actors: LockBit
SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. […]
Falsos PoC en GitHub atentan contra Windows y Linux
Recientemente se ha observado a grupos de actores maliciosos haciéndose pasar por investigadores de ciber seguridad, creando cuentas en Twitter donde exponen “pruebas de concepto” (PoC) para vulnerabilidades Zero-day, las cuales pueden infectar sistemas operativos Windows y Linux, con malware. El descubrimiento de este repositorio malicioso se dio por parte de una investigación de VulnCheck, […]