September 2020
Title
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Published
Sept. 15, 2020, 6 p.m.
Summary
Original release date: September 15, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation ...
Title
AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
Published
Sept. 14, 2020, 3 p.m.
Summary
Original release date: September 14, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these—and other threat actors with ...
Title
AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
Published
Sept. 1, 2020, 2:30 p.m.
Summary
Original release date: September 1, 2020 | Last revised: September 24, 2020SummaryThis joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[1] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[6] It highlights technical approaches to uncovering malicious activity and includes ...
August 2020
Title
AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
Published
Aug. 26, 2020, 4:17 p.m.
Summary
Original release date: August 26, 2020 | Last revised: October 1, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure ...
Title
AA20-227A: Phishing Emails Used to Deploy KONNI Malware
Published
Aug. 14, 2020, 2:59 p.m.
Summary
Original release date: August 14, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a ...
Title
AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Published
Aug. 12, 2020, 3:49 p.m.
Summary
Original release date: August 12, 2020 | Last revised: August 14, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed ...
July 2020
Title
AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices
Published
July 27, 2020, 2:20 p.m.
Summary
Original release date: July 27, 2020SummaryThis is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network ...
Title
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Published
July 24, 2020, 12:59 p.m.
Summary
Original release date: July 24, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are ...
Title
AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Published
July 23, 2020, 4:29 p.m.
Summary
Original release date: July 23, 2020SummaryNote: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness ...
Title
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Published
July 16, 2020, 2:09 p.m.
Summary
Original release date: July 16, 2020SummaryThis Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat ...
Title
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java
Published
July 14, 2020, 1:07 a.m.
Summary
Original release date: July 13, 2020SummaryOn July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of ...
Title
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Published
July 2, 2020, 3 a.m.
Summary
Original release date: July 1, 2020 | Last revised: July 2, 2020SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) ...
June 2020
Title
AA20-182A: EINSTEIN Data Trends – 30-day Lookback
Published
June 30, 2020, 4:34 p.m.
Summary
Original release date: June 30, 2020SummaryCybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is meant to give the reader a closer look ...
May 2020
Title
AA20-133A: Top 10 Routinely Exploited Vulnerabilities
Published
May 12, 2020, 3 p.m.
Summary
Original release date: May 12, 2020SummaryThe Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known ...
Title
AA20-126A: APT Groups Target Healthcare and Essential Services
Published
May 5, 2020, 2:58 p.m.
Summary
Original release date: May 5, 2020SummaryThis is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the ...
April 2020
Title
AA20-120A: Microsoft Office 365 Security Recommendations
Published
April 29, 2020, 4:41 p.m.
Summary
Original release date: April 29, 2020SummaryAs organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these deployments, organizations may not be fully considering the security configurations of these ...
Title
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Published
April 16, 2020, 3:21 p.m.
Summary
Original release date: April 16, 2020 | Last revised: June 30, 2020SummaryNote: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security ...
Title
AA20-106A: Guidance on the North Korean Cyber Threat
Published
April 15, 2020, 2:31 p.m.
Summary
Original release date: April 15, 2020 | Last revised: June 23, 2020SummaryThe U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. ...
Title
AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
Published
April 8, 2020, 2 p.m.
Summary
Original release date: April 8, 2020SummaryThis is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the ...
March 2020
Title
AA20-073A: Enterprise VPN Security
Published
March 13, 2020, 1:08 p.m.
Summary
Original release date: March 13, 2020 | Last revised: April 15, 2020SummaryAs organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology ...
February 2020
Title
AA20-049A: Ransomware Impacting Pipeline Operations
Published
Feb. 18, 2020, 2:06 p.m.
Summary
Original release date: February 18, 2020 | Last revised: June 30, 2020SummaryNote: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity ...

Last Updates

BOSCH PSIRT
31.10.2024
SIEMENS CERT
26.11.2024
US CERT
08.11.2024
US CERT (ICS)
03.12.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds