0

AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software

Jan 25, 2023 / in Uncategorized

Original release date: January 25, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software….

Read More
0

AA22-335A: #StopRansomware: Cuba Ransomware

Dec 1, 2022 / in Uncategorized

Original release date: December 1, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories…

Read More
0

Dridex Malware

Nov 17, 2022 / in Uncategorized

Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA) are providing this report…

Read More
0

Publicly Available Tools Seen in Cyber Incidents Worldwide

Nov 17, 2022 / in Uncategorized

Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools…

Read More
0

SamSam Ransomware

Nov 17, 2022 / in Uncategorized

Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition,…

Read More
0

Continued Exploitation of Pulse Secure VPN Vulnerability

Nov 17, 2022 / in Uncategorized

Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack.[1] Although Pulse Secure [2] disclosed the vulnerability and provided software patches for the various affected…

Read More
0

DNS Infrastructure Hijacking Campaign

Nov 17, 2022 / in Uncategorized

Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic…

Read More
0

AA22-321A: #StopRansomware: Hive Ransomware

Nov 17, 2022 / in Uncategorized

Original release date: November 17, 2022 Summary Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations. Note: This joint Cybersecurity Advisory (CSA) is part of…

Read More
0

AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester

Nov 16, 2022 / in Uncategorized

Original release date: November 16, 2022 Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched…

Read More
0

AA22-294A: #StopRansomware: Daixin Team

Oct 21, 2022 / in Uncategorized

Original release date: October 21, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: This joint Cybersecurity…

Read More