erek (2025-09-23)
"After the attackers' malicious activity triggered additional EDR alerts, the SOC team isolated the server and launched an investigation with CISA's assistance.
CISA is now urging network defenders to expedite patching critical vulnerabilities (especially those added to its Known Exploited Vulnerabilities catalog), ensure security operations centers continuously monitor EDR alerts for suspicious network activity, and strengthen their incident response plans.
In July, the U.S. cybersecurity agency issued another advisory following a proactive hunt engagement at a U.S. critical infrastructure organization.
While it didn't find evidence of malicious activity on its network, it discovered many cybersecurity risks, including but not limited to insecurely stored credentials, shared local admin credentials across multiple workstations, unrestricted remote access for local administrator accounts, insufficient logging, and network segmentation configuration issues."
Source: https://www.bleepingcomputer.com/ne...ached-federal-agency-using-geoserver-exploit/
