CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors

Original release date: October 22, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity.

AA20-296A updates a previous joint CISA-FBI cybersecurity advisory and provides information on Russian state-sponsored actors targeting U.S. state, local, tribal, and territorial (SLTT) government networks, as well as aviation networks. In limited instances, this activity has resulted in unauthorized access to IT systems used by U.S. election officials.

AA20-296B details Iranian APT actors working to influence and interfere with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process. These actors have taken part in spear-phishing campaigns, website defacements, and disinformation campaigns to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud.

Both joint cybersecurity advisories contain information on exploited vulnerabilities and recommended mitigation actions for affected organizations to pursue.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products

Original release date: October 22, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security page and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

Fuzzilli – JavaScript Engine Fuzzing Library

Fuzzilli – JavaScript Engine Fuzzing Library

Fuzzilii is a JavaScript engine fuzzing library, it’s a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language (“FuzzIL”) which can be mutated and translated to JavaScript.

When fuzzing for core interpreter bugs, e.g. in JIT compilers, semantic correctness of generated programs becomes a concern. This is in contrast to most other scenarios, e.g. fuzzing of runtime APIs, in which case semantic correctness can easily be worked around by wrapping the generated code in try-catch constructs.

Read the rest of Fuzzilli – JavaScript Engine Fuzzing Library now! Only available at Darknet.