Navigation section

mitigation

  1. News

    AA20-227A: Phishing Emails Used to Deploy KONNI Malware

    Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...
    • News
    • Thread
    • antivirus cisa command execution command shell cybersecurity data exfiltration email security keylogging konni malware mitigation mitre att&ck phishing remote access security best practices social engineering threat detection user awareness vba windows
    • Replies: 0
    • Forum: Security Alerts
  2. News

    AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

    Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which...
    • News
    • Thread
    • analysis backdoor campaigns cisa credential scraper cybersecurity exfiltration firmware infections malware mitigation nas devices ncsc network storage persistence qnap qsnatch risk security threat
    • Replies: 0
    • Forum: Security Alerts
  3. News

    AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

    Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...
    • News
    • Thread
    • cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response it security malware mitigation network segmentation patch management remote code execution security advisory system compromise threat actor vulnerability
    • Replies: 0
    • Forum: Security Alerts
  4. News

    AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...
    • News
    • Thread
    • access control attack techniques cisa control systems critical infrastructure cybersecurity data security incident response mitigation monitoring network security nsa operational technology ransomware resilience plan risk management software patching system mapping threat analysis vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  5. News

    AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java

    Original release date: July 13, 2020 Summary On July 13, 2020 EST, SAP released a Link Removed to address a critical vulnerability, Link Removed, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this...
    • News
    • Thread
    • access application attacker cisa configuration cve-2020-6287 cybersecurity data exploitation integrity java mitigation monitoring netweaver patch recommendations sap security system vulnerability
    • Replies: 0
    • Forum: Security Alerts
  6. News

    AA20-126A: APT Groups Target Healthcare and Essential Services

    Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...
    • News
    • Thread
    • apt groups authentication covid-19 cyber incidents cybersecurity data theft healthcare incident management intellectual property malicious activity mitigation network security password spraying pharmaceuticals remote work research organizations sensitive data supply chains threat actors vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  7. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
    • News
    • Thread
    • active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  8. News

    AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
    • News
    • Thread
    • apt cisa compromise covid-19 credential theft cybersecurity email security indicators malicious actors malware mitigation ncsc phishing ransomware remote access scams social engineering teleconferencing teleworking vpn
    • Replies: 0
    • Forum: Security Alerts
  9. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...
    • News
    • Thread
    • active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  10. News

    AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
    • News
    • Thread
    • apt groups cisa covid-19 credential theft cyber attacks cybersecurity exploitation indicators of compromise malicious software malware mitigation ncsc phishing ransomware remote access scams social engineering teleconferencing teleworking vpn
    • Replies: 0
    • Forum: Security Alerts
  11. News

    AA20-073A: Enterprise VPN Security

    Original release date: March 13, 2020 Summary As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to...
    • News
    • Thread
    • access authentication cisa connections cybersecurity incident response infrastructure it security malware mfa mitigation nist patching phishing remote work security telework updates vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  12. News

    VIDEO AA20-049A: Ransomware Impacting Pipeline Operations

    Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...
    • News
    • Thread
    • cisa control systems cybersecurity data backup data integrity emergency response hmi incident response infrastructure it network loss of productivity mitigation network segmentation operational technology ot network phishing pipeline security ransomware spearphishing threat actor
    • Replies: 0
    • Forum: Security Alerts
  13. News

    AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

    Original release date: January 20, 2020<br/><h3>Summary</h3><p>On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable...
    • News
    • Thread
    • adc appliances cisa citrix code execution critical cve-2019-19781 cybersecurity detection exploitation firmware gateway impact mitigation nsa remote sd-wan security update vulnerability
    • Replies: 0
    • Forum: Security Alerts
  14. News

    AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems

    Original release date: January 14, 2020 Summary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can...
    • News
    • Thread
    • certificate cryptoapi cve-2020-0601 cve-2020-0609 cve-2020-0610 cve-2020-0611 cybersecurity exploitation information technology malware mitigation network patch management patching rdp remote desktop security threats vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts
  15. News

    AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
    • News
    • Thread
    • cisa cve-2019-11510 cyber attacks cybersecurity exploitation incident response malware mitigation network security patch management pulse secure rce remote access security advisory software update threat actors unauthorized access unpatched servers vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  16. News

    AA19-339A: Dridex Malware

    Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...
    • News
    • Thread
    • bots cisa cybersecurity data breach dridex exploits financial fincen indicators of compromise intrusion detection intrusion prevention malspam malware mitigation phishing privacy ransomware security best practices trojan vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  17. News

    AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability

    Original release date: June 17, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and...
    • News
    • Thread
    • bluekeep cisa cve-2019-0708 cybersecurity end-of-life exploitation malware microsoft mitigation network authentication operating systems patch management patches rdp remote access security tcp port user rights vulnerability windows
    • Replies: 0
    • Forum: Security Alerts
  18. News

    TA18-276B: Advanced Persistent Threat Activity Exploiting Managed Service Providers

    Original release date: October 3, 2018 Systems Affected Network Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016...
    • News
    • Thread
    • apt authentication cloud security credential theft cybersecurity data protection incident reporting incident response logging managed service providers mitigation network architecture network security operational controls powershell risk management supply chain system integrity technical alert threat detection
    • Replies: 0
    • Forum: Security Alerts
  19. News

    Web Application Firewalls Aren’t Doing the Job, Survey Finds

    Security, administration and cost issues mitigate the effectiveness of web application firewalls. Continue reading...
    • News
    • Thread
    • administration cost issues cybersecurity effectiveness firewalls mitigation network protection security survey web application
    • Replies: 0
    • Forum: Live RSS Feeds
  20. News

    AA19-122A: New Exploits for Unsecure SAP Systems

    Original release date: May 02, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1] Technical Details A presentation at the April 2019...
    • News
    • Thread
    • access control acls cisa configuration cybersecurity exploits internet exposure message server mitigation network security os commands presentation remote code execution research routing sap security recommendations security tools snc vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
Back
Top