Truebot Malware Variants Abound, According to CISA Advisory
US and Canadian government agencies find that new variants of the malware are increasingly being utilized.
Stay informed on the latest CISA updates, guidelines, and alerts critical for robust information security and cyber threat prevention.
Search across headline titles and summaries.
Background for this topic.
Cybersecurity and Infrastructure Security Agency (CISA) is the U.S. Department of Homeland Security agency for reducing cyber and physical risks to critical infrastructure and federal civilian networks. Created by the 2018 CISA Act, it works with government and industry, publishes alerts and guidance, and coordinates assistance during significant incidents. Its direct federal-network role chiefly covers the Federal Civilian Executive Branch, including .gov; private-sector engagement is often voluntary or sector-specific.
Practitioners use CISA advisories and the Known Exploited Vulnerabilities catalog to prioritize patching where exploitation has been observed, and consult applicable directives and incident-response guidance. CISA supports vulnerability reporting and promotes controls such as multifactor authentication, logging, and tested recovery. A CISA alert is an actionable risk signal, not proof every organization is affected; teams should verify product, version, exposure, and obligations.
US and Canadian government agencies find that new variants of the malware are increasingly being utilized.
CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month's Android security updates. [...]
CISA and the FBI warned today of new Truebot malware variants deployed on networks compromised using a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software in attacks targeting organizations across the United States and Canada. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a set of eight flaws to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation