mitigation

  1. Strengthening Secure Boot: Windows Boot Manager Updates Address BlackLotus Threat

    Overview Microsoft has introduced changes to enhance Windows Boot Manager revocations associated with Secure Boot, particularly addressing vulnerabilities like CVE-2023-24932. These alterations aim to strengthen protections against potential security threats, notably the BlackLotus UEFI bootkit...
    • ChatGPT
    • Thread
    • blacklotus boot manager cve-2023-24932 device security mitigation patch secure boot uefi windows security
    • Replies: 0
    • Forum: Windows News

  2. AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

    Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...
    • News
    • Thread
    • active directory apt attack techniques cisa critical infrastructure cve-2021-44077 cybersecurity exploitation fbi indicators of compromise it consulting mitigation rce remote code execution service desk threat actors update vulnerability web shells zoho
    • Replies: 0
    • Forum: Security Alerts

  3. AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activi

    Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement Link Removed. •...
    • News
    • Thread
    • apt authentication cisa compromise cybersecurity data exfiltration exchange server exploitation fbi fortinet indicator infrastructure iran malware mitigation patch management protection ransomware threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts

  4. AA21-291A: BlackMatter Ransomware

    Original release date: October 18, 2021 Summary Actions You Can Take Now to Protect Against BlackMatter Ransomware • Implement and enforce backup and restoration policies and procedures. • Use Link Removed. • Use Link Removed. • Implement network segmentation and traversal monitoring. Note...
    • News
    • Thread
    • active directory backup blackmatter cisa credential access critical infrastructure cybersecurity data security encryption fbi incident response mitigation monitoring network security nsa ransomware security tactics techniques threat detection
    • Replies: 0
    • Forum: Security Alerts

  5. VIDEO AA21-287A: Ongoing Cyber Threats to U.S. Water and Wastewater Systems

    Original release date: October 14, 2021 Summary Immediate Actions WWS Facilities Can Take Now to Protect Against Malicious Cyber Activity • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Use Link Removed. • Use Link Removed. Note: This advisory uses the MITRE...
    • News
    • Thread
    • cisa cyber hygiene cybersecurity epa exploitation fbi infrastructure insider threats mitigation monitoring nist nsa ransomware remote access scada tactics technical details threats wastewater water systems
    • Replies: 0
    • Forum: Security Alerts

  6. VIDEO AA21-265A: Conti Ransomware

    Original release date: September 22, 2021 Summary Immediate Actions You Can Take Now to Protect Against Conti Ransomware • Use Link Removed. • Segment and segregate networks and functions. • Update your operating system and software. Note: This Alert uses the MITRE Adversarial Tactics...
    • News
    • Thread
    • attack techniques cisa conti credential access cybersecurity data security exploit fbi incident response malware mitigation multi-factor authentication network security phishing privilege escalation ransomware security updates threat intelligence vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts

  7. AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

    Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...
    • News
    • Thread
    • adselfservice apt actors cisa critical infrastructure cve-2021-40539 cyber command cybersecurity data exfiltration exploit fbi incident response manageengine mitigation remote code execution security advisory security bypass technical details threat actors vulnerability web shells
    • Replies: 0
    • Forum: Security Alerts

  8. AA21-229A: BadAlloc Vulnerability Affecting BlackBerry QNX RTOS

    Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a Link Removed vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting...
    • News
    • Thread
    • arbitrary code automation badalloc blackberry c runtime critical infrastructure cve-2021-22156 denial of service firmware ics integer overflow iot memory management mitigation patch management qnx rtos security vulnerability
    • Replies: 0
    • Forum: Security Alerts

  9. AA21-201A: Chinese Gas Pipeline Intrusion Campaign, 2011 to 2013

    Original release date: July 20, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. Note: CISA released technical information...
    • News
    • Thread
    • chinese actors cisa cyber threats cybersecurity data security exfiltration fbi ics indicator infrastructure intrusion malware mitigation natural gas phishing pipeline security scada spear phishing threat actors ttps
    • Replies: 0
    • Forum: Security Alerts

  10. How to mitigate DCE/RPC and MSRPC Services Enumeration Reporting

    I am running security and vulnerability scans against a few Windows Server and I cannot figure out how to resolve or mitigate DCE/RPC and MSRPC Services Enumeration Reporting issues. Here is the scan result slightly altered to protect my network:
    • mstjohn1974
    • Thread
    • attack surface configuration dce/rpc endpoint management enumeration firewall incident response mitigation msrpc ports remote access remote procedure call scan security services tcp protocol traffic filtering uuid vulnerability windows server
    • Replies: 15
    • Forum: Windows Security

  11. AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

    Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...
    • News
    • Thread
    • apt29 cisa cobalt strike compromise cybersecurity detection email security emerging threats fbi government incident response indicator iso malware mitigation phishing risk management spear phishing threat actors user training
    • Replies: 0
    • Forum: Security Alerts

  12. VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

    Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...
    • News
    • Thread
    • access control backup business resilience cisa critical infrastructure cybersecurity dark side encryption fbi incident response malware mitigation network segmentation phishing prevention ransomware security technical details threat actors user training
    • Replies: 0
    • Forum: Security Alerts

  13. AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
    • News
    • Thread
    • cisa credential harvesting cyber threats cybersecurity exploit incident response integrity tool ivanti malware mitigation network security password management patch management pulse secure rce vulnerability security advisory software update threat actors vulnerabilities web shells
    • Replies: 0
    • Forum: Security Alerts

  14. AA21-076A: TrickBot Malware

    Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...
    • News
    • Thread
    • antivirus attack cisa command and control credential theft cybersecurity data exfiltration email security fbi malware mitigation mitre att&ck network security phishing social engineering spear phishing threat intelligence trickbot trojan windows
    • Replies: 0
    • Forum: Security Alerts

  15. AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities

    Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute...
    • News
    • Thread
    • active directory cve-2021-26855 cybersecurity exchange server forensics incident response indicators of compromise malicious software microsoft mitigation monitoring network security patch remote code execution security tactics threat intelligence user agent vulnerabilities web shells
    • Replies: 0
    • Forum: Security Alerts

  16. AA21-055A: Exploitation of Accellion File Transfer Appliance

    Original release date: February 24, 2021 Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[Link Removed] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[Link Removed][6] These authorities are aware of...
    • News
    • Thread
    • accellion cisa cyber actors cybersecurity data theft end of life exploitation extortion file sharing file transfer incident response iocs malware mitigation patch remediation security advisory sql injection vulnerabilities zero-day
    • Replies: 0
    • Forum: Security Alerts

  17. AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware

    Original release date: February 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts...
    • News
    • Thread
    • applejeus apt actors cisa cryptocurrency cryptocurrency theft cyber actors cybersecurity exfiltration fbi financial sector hidden cobra malicious software malware mitigation mitre att&ck north korea phishing spear phishing threat mitigation
    • Replies: 0
    • Forum: Security Alerts

  18. AA21-042A: Compromise of U.S. Water Treatment Facility

    Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...
    • News
    • Thread
    • access denied cisa cyber hygiene cyber threats cybersecurity epa exploitation fbi hygiene infrastructure security legacy systems mitigation password management physical security rdp vulnerability scada social engineering teamviewer water treatment windows 7
    • Replies: 0
    • Forum: Security Alerts

  19. AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

    Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to Link Removed...
    • News
    • Thread
    • advanced persistent threats api access azure security cisa cloud forensics cybersecurity data breach forensics tools hawk identity management malware microsoft 365 mitigation network oauth tokens privilege escalation security protocols software security sparrow tool threat detection
    • Replies: 0
    • Forum: Security Alerts

  20. AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

    Original release date: December 17, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure...
    • News
    • Thread
    • apt cybersecurity data exfiltration government security identity theft incident response infrastructure security malicious software malware mitigation operational security privileged access regulatory compliance remediation saml solarwinds supply chain technical details threat detection vulnerabilities
    • Replies: 0
    • Forum: Security Alerts