As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber…
A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j. Apache Log4j is a java-based logging utility. It is widely used in cloud and enterprise software services. Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. The vulnerability has the potential to allow…
On Friday, 2 July, CTA members became aware of a ransomware campaign targeting Kaseya’s VSA product. VSA is used by Managed Service Providers (MSPs) to monitor and manage information technology for their clients, provide automation, and assist with software patch management. In this incident, an affiliate of REvil leveraged a…
During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a…
On December 13, FireEye and Microsoft released information regarding a newly discovered nation-state campaign actors leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize…