Busy day for CISA

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) had multiple updates today, 3/15/2022, which is indicative of the heightened security posture related to the current geo-political events unfolding in real time.

The most significant update was regarding Russian State-Sponsored Cyber Actors Accessing networks with misconfigured Multi-Factor-Authentication (MFA) protocols in conjunction with the exploit of the "PrintNightmare" (CVE-2021-34527) critical Windows Print Spooler Vulnerability. Additional details about the Advisory can be found here: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a Cybersecurity professionals are likely both concerned at the uptick in actual threat activity, however, likely relieved that the exploits are somewhat traditional in nature and that proper MFA Configurations and patches for the PrintNightmare vulnerability which have been out for six months or longer should be enough to keep this latest round of threat actors at bay - or at least enough to have them move on to the next less-prepared organization.

Additional alerts from CISA today include updates to the Kubernetes Hardening Guide and the addition of 15 known exploits to the Known Exploited Vulnerabilities Catalog. It's worth noting that there was an update shared by CISA from the New Zealand National Cyber Security Centre (NCSC-NZ) back on 2/18/2022 regarding Cyber Threats Related to Russia-Ukraine Tensions. These Cyber Threats are all great reminders to ensure your organization is prepared against current and existing vulnerability and compliance issues because many of the latest threat vectors are not brand new never-been-seen-before activities like ApacheLog4j but are renewed attempts at exploiting well-known existing vulnerabilities that require vigilance and discipline to ensure you are protected against them and the next attack to come.