September 2024
19.09.2024
US CERT
CISA Adds One Known Exploited Vulnerability to Catalog
Title
CISA Adds One Known Exploited Vulnerability to Catalog
Published
Sept. 19, 2024, 5:28 p.m.
URL
https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog
Summary
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive ...
04.09.2024
US CERT
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Title
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Published
Sept. 4, 2024, 9:01 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
Summary
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes ...
August 2024
29.08.2024
US CERT
#StopRansomware: RansomHub Ransomware
Title
#StopRansomware: RansomHub Ransomware
Published
Aug. 29, 2024, 3:17 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a
Summary
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
23.08.2024
US CERT
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Title
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Published
Aug. 23, 2024, 6:41 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Summary
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign ...
20.08.2024
US CERT
Best Practices for Event Logging and Threat Detection
Title
Best Practices for Event Logging and Threat Detection
Published
Aug. 20, 2024, 6:35 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-234a
Summary
Executive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of ...
12.08.2024
US CERT
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Title
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Published
Aug. 12, 2024, 7:38 p.m.
URL
https://www.cisa.gov/news-events/alerts/2024/08/13/cisa-adds-six-known-exploited-vulnerabilities-catalog
Summary
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege ...
July 2024
24.07.2024
US CERT
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Title
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Published
July 24, 2024, 6:37 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
Summary
Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. ...
09.07.2024
US CERT
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Title
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Published
July 9, 2024, 4:09 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Summary
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
08.07.2024
US CERT
People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Title
People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Published
July 8, 2024, 3:52 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
Summary
Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian ...
May 2024
10.05.2024
US CERT
#StopRansomware: Black Basta
Title
#StopRansomware: Black Basta
Published
May 10, 2024, 3:02 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
April 2024
17.04.2024
US CERT
#StopRansomware: Akira Ransomware
Title
#StopRansomware: Akira Ransomware
Published
April 17, 2024, 6:23 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
February 2024
26.02.2024
US CERT
#StopRansomware: Phobos Ransomware
Title
#StopRansomware: Phobos Ransomware
Published
Feb. 26, 2024, 3:51 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
23.02.2024
US CERT
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Title
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Published
Feb. 23, 2024, 6:37 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
Summary
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and ...
21.02.2024
US CERT
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Title
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Published
Feb. 21, 2024, 9:30 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate ...
14.02.2024
US CERT
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Title
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Published
Feb. 14, 2024, 9:19 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an ...
01.02.2024
US CERT
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Title
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Published
Feb. 1, 2024, 9:37 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a ...
January 2024
12.01.2024
US CERT
Known Indicators of Compromise Associated with Androxgh0st Malware
Title
Known Indicators of Compromise Associated with Androxgh0st Malware
Published
Jan. 12, 2024, 6:13 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
Summary
SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting ...
December 2023
19.12.2023
US CERT
#StopRansomware: ALPHV Blackcat
Title
#StopRansomware: ALPHV Blackcat
Published
Dec. 19, 2023, 3:31 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
14.12.2023
US CERT
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
Title
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
Published
Dec. 14, 2023, 1:24 a.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
Summary
SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one ...
12.12.2023
US CERT
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Title
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Published
Dec. 12, 2023, 6:33 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Summary
SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 ...
11.12.2023
US CERT
#StopRansomware: Play Ransomware
Title
#StopRansomware: Play Ransomware
Published
Dec. 11, 2023, 11:41 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
06.12.2023
US CERT
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Title
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Published
Dec. 6, 2023, 9:18 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
Summary
The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...
04.12.2023
US CERT
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Title
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Published
Dec. 4, 2023, 7:05 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...
01.12.2023
US CERT
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Title
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Published
Dec. 1, 2023, 11:21 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
Summary
SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...
November 2023
21.11.2023
US CERT
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Title
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Published
Nov. 21, 2023, 2:50 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...

Last Updates

BOSCH PSIRT
21.08.2024
SIEMENS CERT
12.09.2024
US CERT
19.09.2024
US CERT (ICS)
19.09.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds