CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.
Jen Easterly and Ciaran Martin called for a universal, vendor-neutral cyber threat actor naming system
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of the SimpleHelp RMM tool
Good news: The vendor patched the flaw in January. Bad news: Not everyone got the memo Ransomware criminals infected a utility billing software providers' customers, and in some cases disrupted services, after exploiting unpatched versions of SimpleHelp’s remote monitoring and management (RMM) tool, according to a Thursday CISA alert.…
Another Top Cybersecurity and Infrastructure Security Agency Official DepartsThe U.S. Cybersecurity and Infrastructure Security Agency notched another high-level departure with the departure of Bridget Bean, CISA's acting director since the Trump administration took power in January. The agency lists Madhu Gottumukkala, CISA deputy director, as the new acting director.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation
PLUS: Doxxers jailed; Botnets bounce back; CISA questioned over app-vetting program closure; And more Infosec in Brief If a cyberattack hit critical infrastructure in the US, it would likely crumble, former deputy national security adviser and NSA cybersecurity director Anne Neuberger said last week.…