CISA gives companies free tools for protection in the cloud
The agency has facilitated the efforts of professionals who migrate systems to the cloud from on-premises environments.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a bulletin with details on free tools and best practices for protecting digital assets after moving to the cloud from on-premises environments.
The bulletin helps cybersecurity teams reduce the risk of information theft and disclosure, as well as data encryption and ransomware attacks. The tools are designed to help solve the critical challenges of identifying, detecting, and resolving known vulnerabilities and cyberthreats that arise when managing cloud or hybrid environments.
The dedicated tools complement the built-in tools provided by cloud service providers and help improve network infrastructure resilience, strengthen security measures, quickly identify compromises, carefully map potential threat vectors, and effectively detect malicious activity after a breach.
The list of free tools introduced and developed by CISA in collaboration with partners includes:
- Cybersecurity Evaluation Tool (CSET): helps organizations assess the state of cybersecurity of the enterprise and its assets;
- SCuBAGear (Secure Cloud Business Applications Gear): helps compare company configurations with CISA baseline recommendations for Microsoft 365;
- Untitled Goose Tool: helps detect signs of malicious activity and respond to incidents in Microsoft cloud environments, including Microsoft 365 and Azure AD;
- Decider: maps the attacker's behavior to the MITRE ATT&CK framework;
- Memory Forensic on Cloud (Japan CERT): creates a memory forensic environment on Amazon Web Services (AWS).
While these tools are not comprehensive, they can help detect malicious activity, increase resilience against cyberattacks, and assist in remediation and investigations. The announcement is part of an ongoing effort to protect critical infrastructure from cyber threats by providing organizations with timely warnings and guidance.
For example, CISA recently required federal agencies to immediately fix a vulnerability in the Arm Mali GPU driver that is being actively exploited by cybercriminals and has been fixed in the latest Android security updates.
CISA, in conjunction with the FBI, the Center for Internet Security (MS-ISAC) and the Canadian Centre for Cyber Security (CCCS), also noted that hackers are using new variants of the Truebot malware to attack organizations in the US and Canada. Since May 31, specialists have begun to notice a surge in financially motivated Truebot activity.
In addition, in July CISA warned of a critical vulnerability found in the cardiac equipment systems of the medical company Medtronic. The vulnerability allows hackers to steal, delete or change data, as well as penetrate the network of a medical organization. Using this flaw, an attacker can also remotely execute code on the device and carry out DoS attacks.