November 2024
Title
2023 Top Routinely Exploited Vulnerabilities
Published
Nov. 8, 2024, 10:04 p.m.
Summary
Summary The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies): United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre ...
October 2024
Title
Microsoft Releases October 2024 Security Updates
Published
Oct. 8, 2024, 8:41 p.m.
Summary
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for October
September 2024
Title
Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
Published
Sept. 30, 2024, 6:28 p.m.
Summary
Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders ...
Title
CISA Adds One Known Exploited Vulnerability to Catalog
Published
Sept. 19, 2024, 5:28 p.m.
Summary
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive ...
Title
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Published
Sept. 4, 2024, 9:01 p.m.
Summary
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes ...
August 2024
Title
#StopRansomware: RansomHub Ransomware
Published
Aug. 29, 2024, 3:17 p.m.
Summary
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
Title
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Published
Aug. 23, 2024, 6:41 p.m.
Summary
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that, as of August 2024, a group of Iran-based cyber actors continues to exploit U.S. and foreign ...
Title
Best Practices for Event Logging and Threat Detection
Published
Aug. 20, 2024, 6:35 p.m.
Summary
Executive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of ...
Title
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Published
Aug. 12, 2024, 7:38 p.m.
Summary
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege ...
Title
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
Published
Aug. 2, 2024, 7:17 p.m.
Summary
EXECUTIVE SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment (RTA) at the request of a critical infrastructure organization. During RTAs, CISA’s red team simulates real-world malicious cyber operations to assess an organization’s cybersecurity detection and response capabilities. In coordination with the assessed organization, CISA is ...
July 2024
Title
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
Published
July 24, 2024, 6:37 p.m.
Summary
Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. ...
Title
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
Published
July 9, 2024, 4:09 p.m.
Summary
EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors ...
Title
People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action
Published
July 8, 2024, 3:52 p.m.
Summary
Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian ...
May 2024
Title
#StopRansomware: Black Basta
Published
May 10, 2024, 3:02 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
April 2024
Title
#StopRansomware: Akira Ransomware
Published
April 17, 2024, 6:23 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
February 2024
Title
#StopRansomware: Phobos Ransomware
Published
Feb. 26, 2024, 3:51 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Title
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Published
Feb. 23, 2024, 6:37 p.m.
Summary
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and ...
Title
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Published
Feb. 21, 2024, 9:30 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate ...
Title
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Published
Feb. 14, 2024, 9:19 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an ...
Title
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Published
Feb. 1, 2024, 9:37 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a ...
January 2024
Title
Known Indicators of Compromise Associated with Androxgh0st Malware
Published
Jan. 12, 2024, 6:13 p.m.
Summary
SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting ...
December 2023
Title
#StopRansomware: ALPHV Blackcat
Published
Dec. 19, 2023, 3:31 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Title
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
Published
Dec. 14, 2023, 1:24 a.m.
Summary
SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one ...
Title
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Published
Dec. 12, 2023, 6:33 p.m.
Summary
SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 ...
Title
#StopRansomware: Play Ransomware
Published
Dec. 11, 2023, 11:41 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
03.12.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds