QilinSecuro
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at least 2012, the group leverages spear-phishing emails with military-themed lures to deliver malicious archives, such as […]
The post Mustang Panda Targets Windows Users with ToneShell Malware Disguised as Google Chrome appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Two sophisticated ransomware operations have emerged as significant threats to managed service providers (MSPs) and small businesses, with the Akira and Lynx groups deploying advanced attack techniques that combine stolen credentials with vulnerability exploitation. These ransomware-as-a-service (RaaS) operations have collectively compromised over 365 organizations, demonstrating their effectiveness in targeting high-value infrastructure providers that serve multiple […]
The post Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credential and Vulnerabilities appeared first on Cyber Security News.
It’s a “pivotal” moment for Sean Cairncross, fresh off his Senate confirmation in a changing federal cyber landscape.
The post New National Cyber Director Cairncross faces challenges on policy, bureaucracy, threats appeared first on CyberScoop.
Creator/Author/Presenter: Eleanor Mount
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which the appropriate information is to be had!
The post BSidesSF 2025: Third-Party Risk Management: SOC 2s, Security Questionnaires, And Psychosis appeared first on Security Boulevard.
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited.
Background
On August 5, Trend Micro released a security advisory for two critical flaws affecting on-prem versions of Apex One Management Console. According to the advisory, Trend Micro has observed active exploitation of the vulnerabilities.
CVE              Description                                                               CVSSv3
CVE-2025-54987   Trend Micro Apex One Management Console Command Injection Vulnerability   9.4
CVE-2025-54948   Trend Micro Apex One Management Console Command Injection Vulnerability   9.4
According to Trend Micro, these two CVEs are the same; however, CVE-2025-54987 was issued for a different CPU architecture.
Analysis
CVE-2025-54987 and CVE-2025-54948 are both command injection vulnerabilities affecting the management console of on-prem installations of Trend Micro Apex One. An unauthenticated attacker with network or physical access to a vulnerable machine can upload arbitrary files, allowing the attacker to execute commands and achieve code execution. While two CVEs were issued, the advisory notes that CVE-2025-54987 was issued for a different CPU architecture than CVE-2025-54948.
Trend Micro Apex One™ as a Service and Trend Vision One Endpoint Security - Standard Endpoint Protection have been mitigated against these vulnerabilities as of July 31 and are not impacted by them. At this time, only on-prem installations of Apex One are affected.
Historical exploitation of Apex One
Apex One has been targeted by threat actors in the past, including zero-day exploitation of flaws affecting on-prem installations. CVE-2020-8467 and CVE-2020-8468 were addressed in March 2020 after in-the-wild exploitation was discovered, followed by CVE-2022-40139 in September 2022. As of the time this blog was published on August 6, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) lists nine vulnerabilities in Apex One in its Catalog of Known Exploited Vulnerabilities (KEV).
Vendor response
As of the time this blog was published on August 6, Trend Micro’s security advisory for these vulnerabilities notes that a patch has not yet been released and is expected “around the middle of August 2025.” We will update the blog with further updates and solution steps once patches are released.
In the meantime, a short-term mitigation tool has been released. This tool can be used to protect against known exploits and disables “the ability for administrators to utilize the Remote Install Agent function to deploy agents.”
While successful exploitation requires an attacker to either have physical access or network access to the management interface, Trend Micro suggests that customers who have publicly exposed the management console's IP address also consider additional mitigation factors to restrict access to the management console.
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2025-54987 and CVE-2025-54948 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Get more information
Join Tenable's Research Special Operations (RSO) Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild appeared first on Security Boulevard.
With over $100 million on the table in FY25 cybersecurity grants, state, local and tribal governments have until August 15, 2025 to apply to secure critical cyber funding to strengthen their defenses.
On August 1st, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) announced the FY 2025 Notice of Funding Opportunity (NOFO) for the State and Local Cybersecurity Grant Program (SLCGP), releasing over $100 million in federal grants to help state, local, tribal and territorial governments build critical cyber resilience.
The funding supports two programs:
SLTT governments face growing threats -- from ransomware and data breaches to rising attacks on operational technology (OT) systems like water, transportation and emergency services. With limited resources and aging infrastructure, many are vulnerable to disruptions with real-world consequences. The grants offer a critical opportunity to strengthen defenses and build lasting cyber resilience.
Critical dates
As in previous years, your application must address at least one of these program objectives:
These objectives align with CISA’s Cybersecurity Performance Goals (CPGs), ensuring funded activities deliver measurable, sustainable improvements in cyber resilience.
Eligibility and funding details
Tenable’s unified cybersecurity solutions directly align with SLCGP objectives and priorities, helping SLTTs gain visibility, reduce risk and build sustainable cyber resilience across IT and OT environments.
Meet SLCGP objectives with Tenable One
The Tenable One Exposure Management Platform gives governments a complete, unified view of their cyber risk across IT, cloud, OT, IoT, web applications and identity systems. It supports multiple objectives by helping agencies:
As threats to critical infrastructure like water systems and emergency services increase, it's crucial to secure both IT and OT environments. The FY25 NOFO specifically funds “targeted cybersecurity investments” to help SLTT governments strengthen the security and resilience of their critical infrastructure and services.
OT systems are increasingly targeted in cyberattacks and SLTTs often lack dedicated resources or tools to monitor these environments. With Tenable OT Security, agencies can:
The post Act Now: $100M in FY25 Cyber Grants for SLTTs Available Before August 15 appeared first on Security Boulevard.