Cybersecurity Snapshot: CISA Highlights Vulnerability Management Importance in Breach Analysis, as Orgs Are Urged To Patch Cisco Zero-Days

Cybersecurity news from around the world: In this week's snapshot, we're looking at vulnerability management, zero-day patches, and a new framework for SaaS security.

1. CISA: Agency breach shows vulnerability management is key

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning after dissecting a recent hack at an unnamed federal agency.

CISA's publication "CISA Shares Lessons Learned from an Incident Response Engagement" highlights the importance of timely vulnerability patching.

Attackers exploited a known vulnerability, CVE-2024-36401, in a public-facing GeoServer, an open source server that lets users share and edit geospatial data.

They then spent three weeks moving undetected through the network, planting web shells and setting up persistence before the breach was discovered.

CISA's post-mortem flagged several critical failures, including inadequate asset management and inventorying.

2. Cisco zero-day bugs under attack – patch now

Cisco has issued patches for zero-day vulnerabilities that attackers are actively exploiting in the wild.

The vulnerabilities impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.

CISA has issued an Emergency Directive instructing federal agencies to identify affected devices, send memory files to CISA for analysis and apply patches immediately.

3. New framework tackles SaaS security guesswork

The Cloud Security Alliance (CSA) has released the "SaaS Security Capability Framework (SSCF) v1.0," a new framework that provides common, consistent criteria for guiding vendors in developing safer applications.

The SSCF seeks to complement existing frameworks like SOC 2 and ISO 27001 by translating high-level security requirements into tangible, actionable features.

4. As worm 'Shai-Hulud' burrows into npm, CISA issues warning

CISA has warned developers using npm about the latest supply-chain attack against this popular JavaScript package registry.

The self-replicating worm named Shai-Hulud has compromised 500-plus packages on the npm registry since mid-September.

5. UK nabs suspect after cyber attack snarls air travel in Europe

U.K. law enforcement authorities have arrested a man in connection with the ransomware attack that disrupted air travel in Europe.

The attack, which occurred on September 19, affected Collins Aerospace's MUSE software used by airlines to check in passengers at airports.

6. Alert: Scammers impersonating FBI's IC3 website

The U.S. Federal Bureau of Investigation (FBI) has warned that threat actors are creating fake, or "spoofed," versions of its Internet Crime Complaint Center (IC3) website.

The goal is to trick victims into entering personal and financial information on look-alike domains.

© 2023 Cybersecurity Snapshot. All rights reserved.