0

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

May 17, 2022 / in Uncategorized

Original release date: May 17, 2022 Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security configurations (either misconfigured…

Read More
0

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

May 11, 2022 / in Uncategorized

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security…

Read More
0

AA22-117A: 2021 Top Routinely Exploited Vulnerabilities

Apr 27, 2022 / in Uncategorized

Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security…

Read More
0

AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Apr 20, 2022 / in Uncategorized

Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity…

Read More
0

AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies

Apr 18, 2022 / in Uncategorized

Original release date: April 18, 2022 Summary Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the…

Read More
0

AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices

Apr 13, 2022 / in Uncategorized

Original release date: April 13, 2022 Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute…

Read More
0

AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Mar 24, 2022 / in Uncategorized

Original release date: March 24, 2022 Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity Advisory (CSA)—coauthored by…

Read More
0

AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers

Mar 17, 2022 / in Uncategorized

Original release date: March 17, 2022 Summary Actions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of operations plans are…

Read More
0

AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

Mar 15, 2022 / in Uncategorized

Original release date: March 15, 2022 Summary Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should enforce MFA for…

Read More
0

AA22-057A: Destructive Malware Targeting Organizations in Ukraine

Feb 26, 2022 / in Uncategorized

Original release date: February 26, 2022 | Last revised: March 1, 2022 Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s…

Read More