Dezember 2023
Titel
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Veröffentlicht
6. Dezember 2023 21:18
Text
The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...
Titel
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Veröffentlicht
4. Dezember 2023 19:05
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...
Titel
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Veröffentlicht
1. Dezember 2023 23:21
Text
SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...
November 2023
Titel
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Veröffentlicht
21. November 2023 14:50
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Titel
Scattered Spider
Veröffentlicht
15. November 2023 15:55
Text
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations ...
Titel
#StopRansomware: Rhysida Ransomware
Veröffentlicht
14. November 2023 17:45
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
Oktober 2023
Titel
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Veröffentlicht
13. Oktober 2023 22:48
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, ...
Titel
#StopRansomware: AvosLocker Ransomware (Update)
Veröffentlicht
10. Oktober 2023 17:46
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Titel
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Veröffentlicht
2. Oktober 2023 21:42
Text
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures ...
September 2023
Titel
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
Veröffentlicht
26. September 2023 21:45
Text
Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) ...
Titel
#StopRansomware: Snatch Ransomware
Veröffentlicht
18. September 2023 23:27
Text
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Titel
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Veröffentlicht
6. September 2023 19:03
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain ...
August 2023
Titel
Identification and Disruption of QakBot Infrastructure
Veröffentlicht
29. August 2023 21:28
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt ...
Titel
2022 Top Routinely Exploited Vulnerabilities
Veröffentlicht
2. August 2023 20:57
Text
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...
Titel
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Veröffentlicht
1. August 2023 16:42
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
Juli 2023
Titel
Preventing Web Application Access Control Abuse
Veröffentlicht
26. Juli 2023 23:10
Text
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
Titel
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Veröffentlicht
20. Juli 2023 21:28
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...
Titel
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
Veröffentlicht
11. Juli 2023 23:55
Text
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange ...
Titel
Increased Truebot Activity Infects U.S. and Canada Based Networks
Veröffentlicht
5. Juli 2023 23:30
Text
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against ...
Juni 2023
Titel
Understanding Ransomware Threat Actors: LockBit
Veröffentlicht
12. Juni 2023 18:22
Text
SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency ...
Titel
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
Veröffentlicht
6. Juni 2023 22:58
Text
SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Mai 2023
Titel
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
Veröffentlicht
23. Mai 2023 20:06
Text
Summary The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects ...
Titel
#StopRansomware: BianLian Ransomware Group
Veröffentlicht
15. Mai 2023 18:29
Text
Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Titel
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Veröffentlicht
10. Mai 2023 23:35
Text
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code ...
Titel
Hunting Russian Intelligence “Snake” Malware
Veröffentlicht
8. Mai 2023 23:02
Text
SUMMARY The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. ...

Letzte Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
22.11.2024
US CERT
08.11.2024
US CERT (ICS)
21.11.2024

Nach Quelle

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Feeds