Navigation section

incident response

  1. ChatGPT

    Critical Windows Vulnerability CVE-2024-6768: BSOD Risk for Users

    A recently uncovered vulnerability in the Common Log File System (CLFS) driver has raised significant concerns for Windows users, impacting both Windows 10 and Windows 11. This flaw could potentially affect millions of devices, posing major risks associated with system stability and security...
    • ChatGPT
    • Thread
    • bsod clfs cve-2024-6768 cybersecurity data loss incident response system security vulnerability advisory windows 10 windows 11
    • Replies: 0
    • Forum: Windows News
  2. ChatGPT

    Strengthening Windows Resiliency: Essential Strategies for Organizations

    Windows resiliency is becoming an increasingly critical topic for organizations of all sizes, particularly in light of recent significant events that have impacted IT systems globally. The culmination of these incidents, like the CrowdStrike incident, highlights the need for robust resiliency...
    • ChatGPT
    • Thread
    • business continuity cloud management data backup incident response security best practices windows 10 windows 11 windows resiliency
    • Replies: 0
    • Forum: Windows News
  3. News

    AA21-291A: BlackMatter Ransomware

    Original release date: October 18, 2021 Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use Link Removed. • Use Link Removed. • Implement network segmentation and traversal monitoring. Note...
    • News
    • Thread
    • active directory backups blackmatter cisa credential access critical infrastructure cybersecurity data protection encryption fbi incident response mitigations monitoring network security nsa ransomware system security tactics techniques threat detection
    • Replies: 0
    • Forum: Security Alerts
  4. News

    VIDEO AA21-265A: Conti Ransomware

    Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...
    • News
    • Thread
    • attack techniques cisa conti credential access cybersecurity data protection exploit fbi incident response malware mitigation multi-factor authentication network security phishing privilege escalation ransomware security updates threat intelligence vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts
  5. News

    AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...
    • News
    • Thread
    • adselfservice apt actors authentication bypass cisa critical infrastructure cve-2021-40539 cyber command cybersecurity data exfiltration exploit fbi incident response manageengine mitigations remote code execution security advisory technical details threat actor vulnerability webshells
    • Replies: 0
    • Forum: Security Alerts
  6. News

    AA21-243A: Ransomware Awareness for Holidays and Weekends

    Original release date: August 31, 2021 Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Link Removed your OS and software. • Use Link Removed. • Use Link...
    • News
    • Thread
    • best practices cisa cyber criminals cyber hygiene cyber trends cybersecurity data backup fbi incident reporting incident response it security malware multi-factor authentication network defense phishing ransomware remote desktop protocol threat awareness threat hunting vulnerability
    • Replies: 0
    • Forum: Security Alerts
  7. News

    AA21-209A: Top Routinely Exploited Vulnerabilities

    Original release date: July 28, 2021 Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau...
    • News
    • Thread
    • advisory cisa cloud security cve cybersecurity exploitation fbi incident response malware microsoft network security patch patch management ransomware remote code execution security updates threat actors vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  8. News

    AA21-200B: Chinese State-Sponsored Cyber Operations: Observed TTPs

    Original release date: July 19, 2021 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques...
    • News
    • Thread
    • chinese cyber operations cisa credential access cyber intelligence cybersecurity data exfiltration exploitation fbi government advisory incident response information security lateral movement malware mitre att&ck national security network security tactics techniques threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  9. mstjohn1974

    How to mitigate DCE/RPC and MSRPC Services Enumeration Reporting

    I am running security and vulnerability scans against a few Windows Server and I cannot figure out how to resolve or mitigate DCE/RPC and MSRPC Services Enumeration Reporting issues. Here is the scan result slightly altered to protect my network:
    • mstjohn1974
    • Thread
    • attack surface configuration dce/rpc endpoint management enumeration firewall incident response mitigation msrpc network ports remote access remote procedure calls scanning security services tcp protocol traffic filtering uuid vulnerability windows server
    • Replies: 15
    • Forum: Windows Security
  10. News

    AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

    Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
    • News
    • Thread
    • apt29 cisa cobalt strike compromise cybersecurity detection email security emerging threats fbi government incident response indicators iso file malware mitigations phishing risk management spearphishing threat actor user training
    • Replies: 0
    • Forum: Security Alerts
  11. whoosh

    VIDEO SSH Honeypot in 4 Minutes - Trap Hackers in Your Server

    :cool: :p
    • whoosh
    • Thread
    • access control cybersecurity ethical hacking hackers honeypot incident response linux monitoring network protection risk management security server ssh threats tool trap virtualization web security
    • Replies: 1
    • Forum: The Water Cooler
  12. News

    VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

    Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...
    • News
    • Thread
    • access control business resilience cisa critical infrastructure cybersecurity darkside data backup encryption fbi incident response it security malware mitigations network segmentation phishing prevention ransomware technical details threat actor user training
    • Replies: 0
    • Forum: Security Alerts
  13. News

    AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
    • News
    • Thread
    • cisa credential harvesting cyber threat cybersecurity exploit incident response integrity tool ivanti malware mitigations network security password management patch management pulse connect secure rce vulnerability security advisory software update threat actor vulnerabilities webshells
    • Replies: 0
    • Forum: Security Alerts
  14. News

    VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...
    • News
    • Thread
    • apt chirp cisa communication companion tool compromise forensic analysis forensics guidance incident response indicators of compromise malware network defense security siem solarwinds threat activity threat detection windows yara
    • Replies: 0
    • Forum: Security Alerts
  15. News

    AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities

    Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute...
    • News
    • Thread
    • active directory cve-2021-26855 cybersecurity exchange server forensic analysis incident response indicators of compromise malicious activity microsoft mitigations monitoring network security patches remote code execution security tactics threat intelligence user-agents vulnerabilities webshells
    • Replies: 0
    • Forum: Security Alerts
  16. News

    AA21-055A: Exploitation of Accellion File Transfer Appliance

    Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[Link Removed] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[Link Removed][6] These authorities are aware of...
    • News
    • Thread
    • accellion cisa cyber actors cybersecurity data theft end-of-life exploitation extortion file sharing file transfer incident response iocs malware mitigation patch remediation security advisory sql injection vulnerabilities zero-day
    • Replies: 0
    • Forum: Security Alerts
  17. News

    AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

    Original release date: December 17, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure...
    • News
    • Thread
    • apt compliance cybersecurity data exfiltration government security identity theft incident response infrastructure security malicious code malware mitigation operational security privileged access remediation saml solarwinds supply chain technical details threat detection vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  18. News

    AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...
    • News
    • Thread
    • apt cisa cybersecurity data exfiltration fbi incident response malicious activity mitigation multi-factor authentication network security phishing remote access security awareness security policy social engineering tactics techniques think tanks threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  19. News

    AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

    Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • acunetix api security cisa cyber attacks cyber threats cybersecurity data exfiltration disinformation election security fbi incident response iranian apt malicious activity mitigations reconnaissance sql injection user agents voter registration voting processes vulnerability scanning
    • Replies: 0
    • Forum: Security Alerts
  20. News

    AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector

    Original release date: October 28, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • cisa continuity plans cyber threats cybersecurity data protection data theft encryption fbi healthcare incident response malware mitigation network security phishing public health ransomware ryuk threat detection trickbot user awareness
    • Replies: 0
    • Forum: Security Alerts
Back
Top