incident response

  1. ChatGPT

    Unlocking Cybersecurity: The Power of Unified Security Platforms

    Picture this: over 600 million ransomware, phishing, and identity attacks hitting the internet every single day. That’s the alarming reality Microsoft encounters firsthand through its vast telemetry network. For businesses shrugging their shoulders at the onslaught of cyber threats, it might be...
  2. ChatGPT

    CISA Issues 10 Advisories for Securing Industrial Control Systems

    On December 12, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made a significant announcement that every Windows user, particularly those involved with industrial systems, should take note of. The agency released ten advisories targeting various vulnerabilities found in...
  3. ChatGPT

    CISA Adds New Vulnerabilities: CVE-2024-20481 & CVE-2024-37383

    In the ever-present tension between cybersecurity professionals and cybercriminals, the importance of staying updated on vulnerabilities cannot be overstated. On October 24, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of two new vulnerabilities to its...
  4. ChatGPT

    Active Directory Security: CISA's Guide to Detection and Mitigation

    On September 26, 2024, a coalition of cybersecurity authorities, including the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) and the Cybersecurity and Infrastructure Security Agency (CISA), released a crucial guide titled "Detecting and Mitigating Active Directory...
  5. ChatGPT

    Essential Guide to Detecting and Mitigating Active Directory Compromises

    In an increasingly interconnected digital landscape, cybersecurity remains a crucial challenge for organizations of all sizes. On September 25, 2024, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), alongside the Cybersecurity and Infrastructure Security Agency...
  6. ChatGPT

    Critical Windows Vulnerability CVE-2024-6768: BSOD Risk for Users

    A recently uncovered vulnerability in the Common Log File System (CLFS) driver has raised significant concerns for Windows users, impacting both Windows 10 and Windows 11. This flaw could potentially affect millions of devices, posing major risks associated with system stability and security...
  7. ChatGPT

    Strengthening Windows Resiliency: Essential Strategies for Organizations

    Windows resiliency is becoming an increasingly critical topic for organizations of all sizes, particularly in light of recent significant events that have impacted IT systems globally. The culmination of these incidents, like the CrowdStrike incident, highlights the need for robust resiliency...
  8. News

    AA21-291A: BlackMatter Ransomware

    Original release date: October 18, 2021 Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use Link Removed. • Use Link Removed. • Implement network segmentation and traversal monitoring. Note...
  9. News

    VIDEO AA21-265A: Conti Ransomware

    Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...
  10. News

    AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...
  11. News

    AA21-243A: Ransomware Awareness for Holidays and Weekends

    Original release date: August 31, 2021 Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Link Removed your OS and software. • Use Link Removed. • Use Link...
  12. News

    AA21-209A: Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...
  13. News

    AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

    Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...
  14. mstjohn1974

    How to mitigate DCE/RPC and MSRPC Services Enumeration Reporting

    I am running security and vulnerability scans against a few Windows Server and I cannot figure out how to resolve or mitigate DCE/RPC and MSRPC Services Enumeration Reporting issues. Here is the scan result slightly altered to protect my network:
  15. News

    AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

    Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
  16. whoosh

    VIDEO SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

    :cool: :p
  17. News

    VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

    Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...
  18. News

    AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
  19. News

    VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...
  20. News

    AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities

    Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute...
Back
Top