Hundreds of US government devices are breaking new rules on security

Cybersecurity researchers from Censys has found hundreds of computer endpoints belonging to various Federal Civilian Executive Branch (FCEB) organizations are breaking CISA’s rules on security.

As such, they represent a huge risk and could be targeted with malware, ransomware, data exfiltration, identity theft, and various other forms of cybercrime.

The Cybersecurity and Infrastructure Security Agency (CISA) recently published the Binding Operational Directive, a new directive that discusses how Federal agencies and other departments are to safeguard employee, contractor, and user data.

Two weeks to comply

These organizations, which count more than 50, have 14 days after being notified of the fallacy, to remedy the issues and secure their devices, it was said.

In total, more than 13,000 individual hosts are exposed to Internet access, which are distributed across more than 100 systems. Breaking the numbers down, the researchers found 1,300 Internet-exposed hosts can be accessed via IPv4.

> Second ransomware group reported exploiting GoAnywhere security flaw

> Procter & Gamble is the latest big GoAnywhere zero-day victim

> Check out the best firewalls around

“We discovered nearly 250 instances of web interfaces for hosts exposing network appliances, many of which were running remote protocols such as SSH and TELNET,” the researchers said. “Over 15 instances of exposed remote access protocols such as FTP, SMB, NetBIOS, and SNMP were also found running on FCEB-related hosts.”

The researchers also found a number of servers with apps such as MOVEit, GoAnywhere MFT, and SolarWinds Serv-U, all of which are managed file transfer services that have been previously abused to steal sensitive data. Dozens of major companies were affected in recent times by these incidents.

Roughly a dozen of hosts have exposed directory listings which could result in data leaks. Some were hosting Barracuda Email Security Gateway appliances which were also recently targeted with zero-day attacks.

CISA said it will soon scan for vulnerable endpoints and notify the owners of the results. Furthermore, the agency will offer its IT experts to help affected organizations remedy their issues.

Via: BleepingComputer

Two weeks to comply

Best Zero Gaming Gambling enterprise slot game chimney sweep Incentives 2024: Better United states No-deposit cinderellas ball slot machine Codes Current Modify

50 Free Revolves No-deposit inside the aloha party play slot British Score fifty Free Revolves Added bonus To your Membership

One other Better Dating sites for Elite sports athletes Worth taking into consideration

Enjoy Continue That which you Win Ports That have 100 percent free Local casino Incentives!

Currency reptile riches slot machine Heat Casino slot games Play Free Ainsworth Harbors Online

Better 100 percent free Spins No-deposit Bonuses to have casino igame 25 free spins 2024 Earn Real money

King from Pets jugglenaut online slot Slot Comment to have 2024

Happy Bird Casino No-deposit Bonuses fifty 100 percent free Revolves Book betway casino no deposit bonus free spins from Lifeless

Pay Because of the Cellular telephone Local casino British Deposit by Mobile phone Bill

Play Pets Slot machine slot devils heat game by IGT 100 percent free

Vulkan Vegas Gambling establishment Isis online slot machine fifty 100 percent free Spins No-deposit Password

Get casino GoWild $100 free spins Daily 100 Free Revolves No-deposit Also provides at the top Ports inside the Oct 2024