Threat Report 3/10/25

CISA Says it Will Continue Monitoring Russian Cyber Threats 

The US Department of Homeland Security says the Cybersecurity and Infrastructure Security Agency (CISA) will continue monitoring cyber threats from Russia, asserting that media reports to the contrary are false. The Guardian reported that CISA staff received a memo directing them to prioritize threats from China, with no mention of Russia. Tricia McLaughlin, Assistant Secretary for Public Affairs at DHS, told CyberScoop that such a memo was never sent, adding, "CISA remains committed to addressing all cyber threats to U.S. critical infrastructure, including from Russia. There has been no change in our posture or priority on this front." 

The Guardian's story is separate from reports that Defense Secretary Pete Hegseth ordered Cyber Command to halt offensive operations against Russia during negotiations over the war in Ukraine. The Pentagon hasn't officially commented on these reports, but Bloomberg cites an anonymous senior defense official as saying that "Hegseth has neither canceled nor delayed any cyber operations directed against malicious Russian targets and there has been no stand-down order whatsoever from that priority." 

Kim Zetter at Zero Day has written up a useful summary that clarifies reporting on these two stories. 


 
Multiple Vulnerabilities in VMware ESXi, Workstation, and Fusion Could Allow for Local Code Execution 

Multiple vulnerabilities have been discovered in VMware ESXi, Workstation, and Fusion that could allow for local code execution. VMware ESXi, Workstation, and Fusion are all virtualization products that allow users to run virtual machines (VMs) on their computers. Successful exploitation of these vulnerabilities could allow for local code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

Affected Systems:

  • VMware ESXi 8.0, 7.0 
  • VMware Workstation 17.x 
  • VMware Fusion 13.x 
  • VMware Cloud Foundation 5.x, 4.5x 
  • VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x 
  • VMware Telco Cloud Infrastructure 3.x, 2.x  

Risk:
  • Large and medium business entities: High
  • Small business entities: Medium

Remediation Recommendations

  • Ensure all devices using VMware products have the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users who need them)


Texas City Declares State of Emergency Following Cyberattack 

 

The border city of Mission, Texas, has declared a state of emergency following a cyberattack that potentially exposed all of the city government's data, the Record reports. Mission's mayor sent a letter to Texas Governor Greg Abbott requesting a state-level emergency declaration, saying, "The City of Mission, Texas, has suffered a cybersecurity incident such that the entire City computer server is at severe risk of a cyberattack that could release protected personal information, protected health information, civil and criminal records, and/or any and all other data held by the City of Mission and all departments within the City. I have determined that this incident is of such severity and magnitude that extraordinary measures must be taken to alleviate the immeasurable and imminent cybersecurity incident." 


Employee Screening Company Discloses Breach Affecting More Than 3 Million People
 

Texas-based employee screening company DISA Global Solutions has disclosed a data breach affecting more than 3.3 million people, SecurityWeek reports. The breach occurred in early 2024 when an "unauthorized third party accessed a limited portion" of the company's environment and exfiltrated data. The company said the breach involved names, Social Security numbers, driver’s license numbers, other government ID numbers, and financial account information. 

DISA says it's "unaware of any attempted or actual misuse of any information involved in this incident," and is offering free credit monitoring for affected individuals. SecurityWeek notes that no ransomware groups have claimed responsibility for the incident. 


 


Botnets Exploit Critical IP Camera Vulnerability 

The US Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on an actively exploited vulnerability (CVE-2025-1316) affecting Edimax IP cameras. The flaw can lead to remote code execution, and received a CVSS score of 9.3.

SecurityWeek reports that multiple Mirai-based botnets are exploiting the vulnerability. Researchers at Akamai, who discovered the flaw, told SecurityWeek that attackers have been exploiting it since fall of last year. 

 
