Navigation section
data exfiltration
-
AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activi
Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...- News
- Thread
- apt authentication cisa compromise cybersecurity data exfiltration exploitation fbi fortinet indicators infrastructure iran malware microsoft exchange mitigation patch management protection ransomware threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...- News
- Thread
- adselfservice apt actors authentication bypass cisa critical infrastructure cve-2021-40539 cyber command cybersecurity data exfiltration exploit fbi incident response manageengine mitigations remote code execution security advisory technical details threat actor vulnerability webshells
- Replies: 0
- Forum: Security Alerts
-
AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs
Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...- News
- Thread
- chinese cyber operations cisa credential access cyber intelligence cybersecurity data exfiltration exploitation fbi government advisory incident response information security lateral movement malware mitre att&ck national security network security tactics techniques threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA21-076A: TrickBot Malware
Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...- News
- Thread
- antivirus attacks cisa command and control credential theft cybersecurity data exfiltration email security fbi malware mitigation mitre att&ck network security phishing spearphishing threat intelligence trickbot trojan windows
- Replies: 0
- Forum: Security Alerts
-
AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Original release date: December 17, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure...- News
- Thread
- apt compliance cybersecurity data exfiltration government security identity theft incident response infrastructure security malicious code malware mitigation operational security privileged access remediation saml solarwinds supply chain technical details threat detection vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&CK for...- News
- Thread
- apt cisa cybersecurity data exfiltration fbi incident response malicious activity mitigation multi-factor authentication network security phishing remote access security awareness security policy tactics techniques think tanks threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- acunetix api security cisa cyber attacks cyber threats cybersecurity data exfiltration disinformation election security fbi incident response iranian apt malicious activity mitigations reconnaissance sql injection user agents voter registration voting processes vulnerability scanning
- Replies: 0
- Forum: Security Alerts
-
AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky
Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- apt attack tactics command and control credential harvesting cyber threats cybersecurity data exfiltration espionage hidden cobra incident response keylogger kimsuky malware mitre att&ck north korea phishing security recommendations spearphishing threat intelligence
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...- News
- Thread
- brute force cisa citrix bug credentials cybersecurity data exfiltration fbi government targets incident response krb-tgt mfa microsoft exchange mitigation network compromise password reset russian apt sql injection threat actor vpn security vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-280A: Emotet Malware
Original release date: October 6, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- antivirus brute force cisa cybersecurity data exfiltration detection email security emotet lateral movement malicious software malware mitigation mitre network security payload phishing phishing email ransomware threat trojan
- Replies: 1
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploits fbi initial access iran mitigations network defense persistence rdp remote access security tactics techniques threat actor vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...- News
- Thread
- access control cybersecurity data exfiltration data protection firewall security incident management incident response indicators of compromise log management malicious activity mitigation techniques monitoring tools network security network segmentation remote access system administration threat analysis user education user training vulnerability assessment
- Replies: 0
- Forum: Security Alerts
-
AA20-227A: Phishing Emails Used to Deploy KONNI Malware
Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...- News
- Thread
- antivirus cisa command execution command shell cybersecurity data exfiltration email security keylogging konni malware mitigation mitre att&ck phishing remote access security best practices threat detection user awareness vba windows
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response it security malware mitigation network segmentation patch management remote code execution security advisory system compromise threat actor vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Original release date: July 1, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the...- News
- Thread
- anonymity apt cisa command and control cybersecurity data exfiltration data manipulation denial of service exploitation fbi incident response indicators of compromise malicious activity network monitoring network security reconnaissance risk mitigation security tools threat actors tor
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...- News
- Thread
- active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
TA18-086A: Brute Force Attacks Conducted by Cyber Actors
Original release date: March 27, 2018 Systems Affected Networked systems Overview According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and...- News
- Thread
- attack indicators brute force cloud applications cyber attacks cyber security data exfiltration dhs email security fbi federated authentication malicious actors multi-factor authentication network intrusion nist guidelines security policies single sign-on tactics threat mitigation victim environment
- Replies: 0
- Forum: Security Alerts
-
TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
Original release date: June 13, 2017 Systems Affected Networked Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the...- News
- Thread
- adversaries analysis botnet cve cyber operations cybersecurity data exfiltration ddos deltacharlie dhs fbi hidden cobra incident response malware mitigation network security north korea security practices threat detection vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
TA15-314A: Web Shells – Threat Awareness and Guidance
Original release date: November 10, 2015 Systems Affected Web servers that allow web shells Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert...- News
- Thread
- application security asp command control cyber security data exfiltration detection exploitation incident response malware mitigation network compromise perl php python remote access security practices threat updates vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
Windows 7 Extracting USB Artifacts from Windows 7
Link Removed - Invalid URL USBDeview - View all installed/connected USB devices on your systemView any installed/connected USB device on your system Link Removed The article discusses some of the artifacts that a USB storage device leaves on a system when it has been plugged in, how...- cybercore
- Thread
- computer forensics data exfiltration event timing forensic examination guid historical data malicious activity malware network security ntuser.dat registry sensitive information setupapi.log storage devices usb analysis usb artifacts usb security usbdeview windows 7
- Replies: 0
- Forum: Windows Tutorials