0

AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance

Feb 8, 2023 / in Uncategorized

Original release date: February 8, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and…

Read More
0

AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software

Jan 25, 2023 / in Uncategorized

Original release date: January 25, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software….

Read More
0

AA22-335A: #StopRansomware: Cuba Ransomware

Dec 1, 2022 / in Uncategorized

Original release date: December 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories…

Read More
0

Dridex Malware

Nov 17, 2022 / in Uncategorized

Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report…

Read More
0

Publicly Available Tools Seen in Cyber Incidents Worldwide

Nov 17, 2022 / in Uncategorized

Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools…

Read More
0

SamSam Ransomware

Nov 17, 2022 / in Uncategorized

Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition,…

Read More
0

Continued Exploitation of Pulse Secure VPN Vulnerability

Nov 17, 2022 / in Uncategorized

Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack.[1] Although Pulse Secure [2] disclosed the vulnerability and provided software patches for the various affected…

Read More
0

DNS Infrastructure Hijacking Campaign

Nov 17, 2022 / in Uncategorized

Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic…

Read More
0

AA22-321A: #StopRansomware: Hive Ransomware

Nov 17, 2022 / in Uncategorized

Original release date: November 17, 2022 Summary Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations. Note: This joint Cybersecurity Advisory (CSA) is part of…

Read More