Found 85 bookmarks
Custom sorting
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Destructive Malware Targeting Organizations in Ukraine
Destructive Malware Targeting Organizations in Ukraine
Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. 
#uscert#csirt#cert#CISA#EN#2022#alert#WhisperGate#HermeticWiper#malware
·cisa.gov·
Destructive Malware Targeting Organizations in Ukraine
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
#uscert#csirt#CISA#EN#CVE-2022-22620
·cisa.gov·
CISA Adds One Known Exploited Vulnerability to Catalog
Understanding and Responding to Distributed Denial-Of-Service Attacks
Understanding and Responding to Distributed Denial-Of-Service Attacks
This joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, addresses the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. * Application, attacks targeting vulnerabilities in specific applications or running services.
#CISA#EN#2024#DDoS#guidance#US#Denial-Of-Service#Attacks
·cisa.gov·
Understanding and Responding to Distributed Denial-Of-Service Attacks
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.
#cisa#EN#2024#Phobos#Ransomware#Critical-infrastructure#StopRansomware:
·cisa.gov·
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware. "Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars," the government said.
#thehackernews#EN#2024#Phobos#Ransomware#CISA#US#Critical-infrastructure
·thehackernews.com·
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
CISA cautions against using hacked Ivanti VPN gateways even after factory resets
CISA cautions against using hacked Ivanti VPN gateways even after factory resets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets.
#bleepingcomputer#EN#2024#CISA#FBI#Ivanti#Warning
·bleepingcomputer.com·
CISA cautions against using hacked Ivanti VPN gateways even after factory resets
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
Based upon the authoring organizations’ observations during incident response activities and available industry reporting, as supplemented by CISA’s research findings, the authoring organizations recommend that the safest course of action for network defenders is to assume a sophisticated threat actor may deploy rootkit level persistence on a device that has been reset and lay dormant for an arbitrary amount of time. For example, as outlined in PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure), sophisticated actors may remain silent on compromised networks for long periods. The authoring organizations strongly urge all organizations to consider the significant risk of adversary access to, and persistence on, Ivanti Connect Secure and Ivanti Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.
#CISA#EN#2024#Ivanti#Vulnerabilities#Connect#persistence#Warning
·cisa.gov·
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Connect and Policy Secure Gateways | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Destructive Malware Targeting Organizations in Ukraine
Destructive Malware Targeting Organizations in Ukraine
Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. 
#uscert#csirt#cert#CISA#EN#2022#alert#WhisperGate#HermeticWiper#malware
·cisa.gov·
Destructive Malware Targeting Organizations in Ukraine
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
#uscert#csirt#CISA#EN#CVE-2022-22620
·cisa.gov·
CISA Adds One Known Exploited Vulnerability to Catalog
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
#CISA#EN#2024#Compromised#Account#Former-Employee#advisory
·cisa.gov·
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one
Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one
Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency. CISA says federal agencies much patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability. CISA did not respond to requests for comment about why the remediation timeline was shorter than most. The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.
#therecord#EN#2024#Citrix#CVE-2023-6548#CISA
·therecord.media·
Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one
2021 Top Routinely Exploited Vulnerabilities | CISA
2021 Top Routinely Exploited Vulnerabilities | CISA
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS),
#cisa#uscert#csirt#cert#U.-S.-Computer-Emergency-Readiness#top#2021#top2021#EN#2022#Vulnerabilities
·cisa.gov·
2021 Top Routinely Exploited Vulnerabilities | CISA
NSA Releases Network Infrastructure Security Guidance
NSA Releases Network Infrastructure Security Guidance
The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
#uscert#csirt#CISA#NSA#Guidance#Network#howto#bestpractices#2022#EN
·cisa.gov·
NSA Releases Network Infrastructure Security Guidance
Destructive Malware Targeting Organizations in Ukraine
Destructive Malware Targeting Organizations in Ukraine
Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. 
#uscert#csirt#cert#CISA#EN#2022#alert#WhisperGate#HermeticWiper#malware
·cisa.gov·
Destructive Malware Targeting Organizations in Ukraine
CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
#uscert#csirt#CISA#EN#CVE-2022-22620
·cisa.gov·
CISA Adds One Known Exploited Vulnerability to Catalog
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA
The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas of interest, for information-gathering activity. The UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the US National Security Agency (NSA), the US Cyber National Mission Force (CNMF), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the Canadian Centre for Cyber Security (CCCS), and the New Zealand National Cyber Security Centre (NCSC-NZ) assess that Star Blizzard is almost certainly subordinate to the Russian Federal Security Service (FSB) Centre 18.
#cisa#EN#2023#US#Russia#FSB#Star-Blizzard#SEABORGIUM#spear-phishing#attacks#UK
·cisa.gov·
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns | CISA