Cisa công khai
[search 0]
Thêm
Download the App!
show episodes
 
Artwork
 
Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by N2K Networks as a public service.
  continue reading
 
Loading …
show series
 
CISA, FBI, the MS-ISAC, and international partners are releasing this Cybersecurity Advisory to detail LockBit ransomware incidents and provide recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation. AA23-165A Alert, Technical Details, and Mitigations Stopransomware…
  continue reading
 
FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023. AA23-158A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. Resource to mitigat…
  continue reading
 
Cybersecurity authorities are issuing this joint Cybersecurity Advisory to highlight a recent cluster of activity associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon. AA23-144A Alert, Technical Details, and Mitigations Active Directory and domain controller hardening: Best Practices for Securing Acti…
  continue reading
 
FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023. AA23-136A Alert, Technical Details, and Mitigations AA23-136A.STIX_.xml Stopransomware.gov, a whole-of-go…
  continue reading
 
FBI and CISA are releasing this joint Cybersecurity Advisory in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF, software applications that help organizations manage printing services, and enables an unauthenticated actor to execute malicious code remotely without c…
  continue reading
 
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service, or FSB, for long-term intelligence collection on sensitive targets. AA23-129A Alert, Technical Details, and Mitigations For more information on FSB and Russian state-sponsored cyber activity, please see th…
  continue reading
 
The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28’s exploitation of Cisco routers in 2021. AA23-108A Alert, Technical Details, and Mitigations Malware Analysis Report Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Cent…
  continue reading
 
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023. AA23-075A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central …
  continue reading
 
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers. AA23-074A Alert, Technical Details, and Mitigations …
  continue reading
 
CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities. AA23-061A Alert, Technical Details, and Mitigations AA23-061A STIX XML Royal Rumble: Analysis of Royal Ransomware (cybereason.com) DEV-0569 finds new ways to deliver Royal ransomware, various p…
  continue reading
 
The Cybersecurity and Infrastructure Security Agency is releasing this Cybersecurity Advisory detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture. AA23-059A Alert, Technical Details, and…
  continue reading
 
CISA, NSA, FBI, the US Department of Health and Human Services, the Republic of Korea National Intelligence Service, and the Republic of Korea Defense Security Agency are issuing this alert to highlight ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities. AA23-040A …
  continue reading
 
CISA and the FBI are releasing this alert in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors are exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service or out-of-date versions of VMware ESXi software to gain access and deploy ransomware. AA23-039A Alert, Techni…
  continue reading
 
CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management software. AA23-025A Alert, Technical Details, and Mitigations For a downloadable copy of IOCs, see AA23-025.stix Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfe…
  continue reading
 
The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA. AA22-335A Alert, Tech…
  continue reading
 
The FBI, CISA, and the Department of Health and Human Services are releasing this alert to disseminate known Hive Ransomware Group indicators of compromise and TTPs identified through FBI investigations. AA22-321A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government approach that gives one central location for ranso…
  continue reading
 
From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch organization where CISA observed suspected advanced persistent threat activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMwar…
  continue reading
 
FBI, CISA, and Department of Health and Human Services are releasing this joint advisory to provide information on the Daixin Team, a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health Sector. AA22-294A Alert, Technical Details, and Mitigations Stopransomware.gov is a whole-of-government a…
  continue reading
 
This joint Cybersecurity Advisory provides the top CVEs used by the People’s Republic of China state-sponsored cyber actors. PRC cyber actors continue to exploit these known vulnerabilities and use publicly available tools to target networks of interest. PRC state-sponsored cyber actors have actively targeted U.S. and allied networks as well as sof…
  continue reading
 
From November 2021 through January 2022, the CISA responded to APT activity against a Defense Industrial Base organization’s enterprise network. During incident response activities, CISA discovered that multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-so…
  continue reading
 
This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT/ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA a…
  continue reading
 
In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the dest…
  continue reading
 
This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well …
  continue reading
 
CISA, the FBI, and the Multi-State Information Sharing and Analysis Center, or MS ISAC, are releasing this advisory to disseminate indicators of compromise and TTPs associated with Vice Society actors and their ransomware campaigns. The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education …
  continue reading
 
CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform. AA22-228A Alert, Technical Details, …
  continue reading
 
Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deplo…
  continue reading
 
This joint Cybersecurity Advisory was coauthored by CISA and the Australian Cyber Security Centre, or ACSC. This advisory provides details on the top malware strains observed in 2021. AA22-216A Alert, Technical Details, and Mitigations For alerts on malicious and criminal cyber activity, see the FBI Internet Crime Complaint Center webpage. For more…
  continue reading
 
CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply ava…
  continue reading
 
The FBI, CISA, and the Department of the Treasury are releasing this joint Cybersecurity Advisory to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health Sector organizations. AA22-187A Alert, Technical Details, and Mitigations Stairwe…
  continue reading
 
CISA, the FBI, the Department of the Treasury, and the Financial Crimes Enforcement Network are releasing this alert to provide information on MedusaLocker ransomware. Observed as recently as May 2022, MedusaLocker actors predominantly rely on vulnerabilities in Remote Desktop Protocol to access victims’ networks. AA22-181A Alert, Technical Details…
  continue reading
 
CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply ava…
  continue reading
 
This joint Cybersecurity Advisory describes the ways in which People’s Republic of China state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised global infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private…
  continue reading
 
Malicious cyber actors are exploiting multiple critical vulnerabilities in VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. CISA has updated this alert with additional indicators of compromise, dete…
  continue reading
 
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory to provide information about the Karakurt data extortion group, also known as the Karakurt Team and K…
  continue reading
 
CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalatio…
  continue reading
 
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. AA22-138A Alert, Technical Details, and M…
  continue reading
 
This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joi…
  continue reading
 
The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationsh…
  continue reading
 
The US government attributes cyberattacks on satellite communication (SATCOM) networks to Russian state-sponsored malicious cyber actors. The FBI and CISA are aware of possible threats to US and international SATCOM networks. Intrusions into SATCOM networks could create risk in customer environments. AA22-076A Alert, Technical Details, and Mitigati…
  continue reading
 
This joint Cybersecurity Advisory was coauthored by cybersecurity authorities of the US, Australia, Canada, New Zealand, and the UK. This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited. AA22-117A Alert, Technical De…
  continue reading
 
The allied cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber act…
  continue reading
 
This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored APT group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. As of April 2022, North Korea’s Lazarus Group h…
  continue reading
 
The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain full system access to multiple ICS/SCADA devices, including: Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers, and Open Platform Communications Unifie…
  continue reading
 
The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA p…
  continue reading
 
The FBI and CISA are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments. AA22-076A Alert, Technical Details, and Mitigations CISA Shields Up Technical Guidance NSA Cybersecurity Advisory: Protec…
  continue reading
 
This Joint Cybersecurity Advisory between CISA and the FBI provides technical information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise for organizations to detect and prevent the malware. Additionally, this alert provides recommended guidance and considerations for organizations to address as part of netw…
  continue reading
 
This joint Cybersecurity Advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted US and international Energy Sector organizations. CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to Energy Sector networks and…
  continue reading
 
The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Iranian government-sponsored APT actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—i…
  continue reading
 
CISA, the UK’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have identified that the actor known as Sandworm or Voodoo Bear is using a new malware, Cyclops Blink. CISA, the NCSC, and the FBI have previously attributed the Sandworm actor to the Russian General Staff Main Int…
  continue reading
 
CISA, the FBI, and NSA have observed Russian state-sponsored cyber actors regularly target US cleared defense contractors from at least January 2020 through February 2022. The actors have targeted both large and small defense contractors and subcontractors with varying levels of cybersecurity protocols and resources. These defense contractors suppo…
  continue reading
 
Loading …

Hướng dẫn sử dụng nhanh