CISA’s takeaways of an agency hack include a call for timely vulnerability patching. Plus, Cisco zero-day bugs are under attack — patch now. Meanwhile, the CSA issued a framework for SaaS security. And get the latest on the npm breach, the ransomware attack that disrupted air travel and more!
Here are six things you need to know for the week ending September 26.
Key takeaways
- In assessment of a federal agency breach, CISA highlights importance of vulnerability management and prompt patching.
- Attackers are actively exploiting Cisco zero-day vulnerabilities. Update your software, stat!
- A new framework aims to create a clear, consistent baseline for SaaS security.
1 – CISA: Agency breach shows vulnerability management is key
Inventory all your assets. Manage and prioritize their vulnerabilities. Patch promptly.
Rinse and repeat.
That’s a key message issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week after dissecting a recent hack at an unnamed federal agency in the publication “CISA Shares Lessons Learned from an Incident Response Engagement.”
Attackers exploited a known vulnerability, CVE-2024-36401, in a public-facing GeoServer, an open source server that lets users share and edit geospatial data. They then spent three weeks moving undetected through the network, planting web shells and setting up persistence before the breach was discovered.
CISA’s post-mortem flagged several critical failures:
- Critical bugs weren’t patched on time.
- The incident response plan was gathering dust – it had never been tested.
- Security alerts weren’t being consistently reviewed.
The advisory breaks down the attackers’ tactics, techniques and procedures (TTPs) and includes indicators of compromise (IOCs).
Mitigation recommendations include:
- Prioritize patching, especially for This article has been indexed from Security Boulevard