-
AA20-126A: APT Groups Target Healthcare and Essential Services
Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...- News
- Thread
- apt groups authentication covid 19 cyber incident cybersecurity data theft healthcare incident management intellectual property malicious software mitigation network security pharmaceuticals remote work research organizations sensitive data supply chain threat actors vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...- News
- Thread
- active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-106A: Guidance on the North Korean Cyber Threat
Original release date: April 15, 2020 | Last revised: June 23, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...- News
- Thread
- awareness critical infrastructure cryptojacking cyber threats cybercrime cybersecurity digital currency dprk espionage extortion financial crime government hidden cobra international cooperation malware mitigation network defense north korea ransomware sanctions
- Replies: 0
- Forum: Security Alerts
-
AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...- News
- Thread
- apt cisa compromise covid 19 credential theft cybersecurity email security indicator malicious actors malware mitigation ncsc phishing ransomware remote access scam teleconferencing telework vpn
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor...- News
- Thread
- access control backup cisa cybersecurity data security emergency planning incident response industrial control systems it networks mitigation multipoint authentication network segmentation operational technology ot networks pipeline productivity ransomware spear phishing threat actors user training
- Replies: 0
- Forum: Security Alerts
-
AA20-182A: EINSTEIN Data Trends – 30-day Lookback
Original release date: June 30, 2020 Summary Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is...- News
- Thread
- analysis cisa compartments cybersecurity detection einstein ids kovter malware mitigation netsupport network rat security snort tcpsecurity threats update vulnerability xmrig
- Replies: 0
- Forum: Security Alerts
-
AA20-133A: Top 10 Routinely Exploited Vulnerabilities
Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector...- News
- Thread
- apachestruts cisa cloud computing cve cybersecurity education exploitation malware microsoft mitigation network security ole patch management ransomware remote work security best practices threats vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-126A: APT Groups Target Healthcare and Essential Services
Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...- News
- Thread
- apt groups cisa covid 19 cybersecurity data breach healthcare incident management intellectual property malware mitigation ncsc pharmaceuticals remote work research organizations security policies sensitive data supply chain threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-120A: Microsoft Office 365 Security Recommendations
Original release date: April 29, 2020 Summary As organizations adapt or change their enterprise collaboration capabilities to meet “telework” requirements, many organizations are migrating to Microsoft Office 365 (O365) and other cloud collaboration services. Due to the speed of these...- News
- Thread
- administrator alert audit logs authentication best practices cloud solutions collaboration cybersecurity legacy protocols microsoft microsoft 365 mitigation multi-factor recommendations regulatory compliance roles security siem telework threats
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...- News
- Thread
- active directory credential theft cve-2019-11510 cyber threats cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patch management pulse secure remote access threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-099A: COVID-19 Exploited by Malicious Cyber Actors
Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...- News
- Thread
- apt groups cisa covid 19 credential theft cyber threats cybersecurity exploitation indicators of compromise malicious software malware mitigation ncsc phishing ransomware remote access scam teleconferencing telework vpn
- Replies: 0
- Forum: Security Alerts
-
AA20-073A: Enterprise VPN Security
Original release date: March 13, 2020 Summary As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to...- News
- Thread
- access authentication cisa connection cybersecurity incident response infrastructure malware mfa mitigation nist patch management phishing remote work security telework update vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...- News
- Thread
- backup cisa cybersecurity data integrity emergency hmi incident response industrial control systems infrastructure mitigation network network segmentation operational technology ot network phishing pipeline security productivity ransomware spear phishing threat actors
- Replies: 0
- Forum: Security Alerts
-
AA20-031A: Detecting Citrix CVE-2019-19781
Original release date: January 31, 2020 Summary Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781. Though mitigations were released...- News
- Thread
- alert apache backdoor citrix cve-2019-19781 cybersecurity detection exploitation firmware intrusion iocs log review mitigation network network traffic process remediation security technical vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
Original release date: January 20, 2020 Summary On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable...- News
- Thread
- adc appliances cisa citrix critical cve-2019-19781 cybersecurity detection execution exploitation firmware gateway impact mitigation nsa remote sd-wan security update vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems
Original release date: January 14, 2020 Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can...- News
- Thread
- certificate cryptography api cve-2020-0601 cve-2020-0609 cve-2020-0610 cve-2020-0611 cybersecurity exploitation information technology malware mitigation network patch management rdp remote desktop security threats vulnerabilities windows
- Replies: 0
- Forum: Security Alerts
-
AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability
Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...- News
- Thread
- access denied cisa cve-2019-11510 cyber threats cybersecurity exploitation incident response malware mitigation network security patch management pulse secure rce remote access security advisory software update threat actors unpatched servers vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-006A: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
Original release date: January 6, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions...- News
- Thread
- apt techniques cisa critical infrastructure cyber defense cyber threats cybersecurity data theft ddos incident response iranian cyber irgc malware mitigation network monitoring phishing security best practices threat intelligence user training vulnerability management
- Replies: 0
- Forum: Security Alerts
-
AA19-339A: Dridex Malware
Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...- News
- Thread
- bots cisa cybersecurity data breach dridex exploit financial fincen indicators of compromise intrusion detection intrusion prevention malspam malware mitigation phishing privacy ransomware security best practices trojan vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2
Original release date: October 17, 2019 Summary On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates...- News
- Thread
- business cloud computing cybersecurity data confidentiality data integrity end of support legacy systems malware mitigation regulatory compliance risk assessment security updates software bugs system resources tech support upgrade windows 7 windows server
- Replies: 0
- Forum: Security Alerts