incident response

  1. AA21-055A: Exploitation of Accellion File Transfer Appliance

    Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[Link Removed] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[Link Removed][6] These authorities are aware of...
    • News
    • Thread
    • accellion cisa cyber actors cybersecurity data theft end-of-life exploitation extortion file sharing file transfer incident response iocs malware mitigation patch remediation security advisory sql injection vulnerabilities zero-day
    • Replies: 0
    • Forum: Security Alerts

  2. AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

    Original release date: December 17, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure...
    • News
    • Thread
    • apt compliance cybersecurity data exfiltration government security identity theft incident response infrastructure security malicious code malware mitigation operational security privileged access remediation saml solarwinds supply chain technical details threat detection vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  3. AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...
    • News
    • Thread
    • apt cisa cybersecurity data exfiltration fbi incident response malicious activity mitigation multi-factor authentication network security phishing remote access security awareness security policy social engineering tactics techniques think tanks threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  4. AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data

    Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • acunetix api security cisa cyber attacks cyber threats cybersecurity data exfiltration disinformation election security fbi incident response iranian apt malicious activity mitigations reconnaissance sql injection user agents voter registration voting processes vulnerability scanning
    • Replies: 0
    • Forum: Security Alerts

  5. AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector

    Original release date: October 28, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • cisa continuity plans cyber threats cybersecurity data protection data theft encryption fbi healthcare incident response malware mitigation network security phishing public health ransomware ryuk threat detection trickbot user awareness
    • Replies: 0
    • Forum: Security Alerts

  6. AA20-301A: North Korean Advanced Persistent Threat Focus: Kimsuky

    Original release date: October 27, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • apt attack tactics command and control credential harvesting cyber threats cybersecurity data exfiltration espionage hidden cobra incident response keylogger kimsuky malware mitre att&ck north korea phishing security recommendations social engineering spearphishing threat intelligence
    • Replies: 0
    • Forum: Security Alerts

  7. AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets

    Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...
    • News
    • Thread
    • brute force cisa citrix bug credentials cybersecurity data exfiltration fbi government targets incident response krb-tgt mfa microsoft exchange mitigation network compromise password reset russian apt sql injection threat actor vpn security vulnerability
    • Replies: 0
    • Forum: Security Alerts

  8. AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

    Original release date: October 9, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint...
    • News
    • Thread
    • active directory apt cisa cve-2020-1472 cybersecurity elections exploitation fortinet incident response legacy systems malware mitigation monitoring netlogon network security privilege escalation remote access vpn vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts

  9. AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions

    Original release date: October 1, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and...
    • News
    • Thread
    • apt china cisa critical infrastructure cyber threats cybersecurity data breach economic espionage espionage incident response intellectual property malware mitigations mitre att&ck phishing software vulnerability threat intelligence ttps us relations vulnerability
    • Replies: 0
    • Forum: Security Alerts

  10. AA20-266A: LokiBot Malware

    Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and...
    • News
    • Thread
    • android trojan att&ck backdoor cisa credential theft cybersecurity exfiltration incident response information theft keylogger lokibot malicious attachments malspam malware mitigation password theft phishing spearphishing threat detection windows security
    • Replies: 0
    • Forum: Security Alerts

  11. AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

    Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
    • News
    • Thread
    • apt chinese threats cisa cobalt strike command and control cybersecurity data breaches exploits incident response mimikatz mitre att&ck mss network security open source patch management ransomware spearphishing technical information threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  12. AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

    Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...
    • News
    • Thread
    • access control cybersecurity data exfiltration data protection firewall security incident management incident response indicators of compromise log management malicious activity mitigation techniques monitoring tools network security network segmentation remote access system administration threat analysis user education user training vulnerability assessment
    • Replies: 0
    • Forum: Security Alerts

  13. AA20-239A: FASTCash 2.0: North Korea&#039;s BeagleBoyz Robbing Banks

    Original release date: August 26, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This joint advisory is the result of analytic efforts among...
    • News
    • Thread
    • apt38 atm cash-outs bank heists beagleboyz cryptocurrency cyber threats cybersecurity data security exfiltration techniques financial services hidden cobra incident response international fraud iso 8583 malware mitre att&ck north korea operational security swift fraud threat detection
    • Replies: 0
    • Forum: Security Alerts

  14. AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

    Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...
    • News
    • Thread
    • cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response it security malware mitigation network segmentation patch management remote code execution security advisory system compromise threat actor vulnerability
    • Replies: 0
    • Forum: Security Alerts

  15. AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...
    • News
    • Thread
    • access control attack techniques cisa control systems critical infrastructure cybersecurity data security incident response mitigation monitoring network security nsa operational technology ransomware resilience plan risk management software patching system mapping threat analysis vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  16. AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

    Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...
    • News
    • Thread
    • access control antivirus best practices cybersecurity denial of service email safety firewall geolocation incident response malicious activity mitigations network tunneling packet spoofing removable media security updates situational awareness spoofing threat actor virtual private network vulnerability
    • Replies: 0
    • Forum: Security Alerts

  17. AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

    Original release date: July 1, 2020 | Last revised: July 2, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This...
    • News
    • Thread
    • anonymity att&ck framework cisa command and control cyber threats cybersecurity data breaches exfiltration fbi identity cloaking incident response malicious activity malicious actors network defense network monitoring privacy risk mitigation threat assessment tor traffic analysis
    • Replies: 0
    • Forum: Security Alerts

  18. AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
    • News
    • Thread
    • active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts

  19. AA20-073A: Enterprise VPN Security

    Original release date: March 13, 2020 | Last revised: April 15, 2020 Summary As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual...
    • News
    • Thread
    • access control bandwidth management cisa recommendations cybersecurity enterprise vpn incident response it infrastructure multi-factor auth nist guidelines phishing remote work risk mitigation security software patches telework vulnerability
    • Replies: 0
    • Forum: Security Alerts

  20. VIDEO AA20-049A: Ransomware Impacting Pipeline Operations

    Original release date: February 18, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor...
    • News
    • Thread
    • access control cisa control systems cybersecurity data backup data security emergency planning incident response it networks mitigation strategies multipoint authentication network segmentation operational technology ot networks pipeline operations productivity loss ransomware spearphishing threat actor techniques user training
    • Replies: 0
    • Forum: Security Alerts