-
AA21-042A: Compromise of U.S. Water Treatment Facility
Original release date: February 11, 2021 Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system’s software to...- News
- Thread
- access denied cisa cyber hygiene cyber threats cybersecurity epa exploitation fbi hygiene infrastructure security legacy systems mitigation password management physical security rdp vulnerability scada teamviewer water treatment windows 7
- Replies: 0
- Forum: Security Alerts
-
AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to Link Removed...- News
- Thread
- advanced persistent threats api access azure security cisa cloud forensics cybersecurity data breach forensic tools hawk identity management malware microsoft 365 mitigation network oauth tokens privilege escalation security protocols software security sparrow tool threat detection
- Replies: 0
- Forum: Security Alerts
-
AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
Original release date: December 17, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure...- News
- Thread
- apt cybersecurity data exfiltration government security identity theft incident response infrastructure security malicious software malware mitigation operational security privileged access regulatory compliance remediation saml solarwinds supply chain technical details threat detection vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Original release date: December 10, 2020<br/><h3>Summary</h3><p>This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).</p>...- News
- Thread
- command and control cyber threats cybersecurity data theft ddos distance learning education k-12 malware mitigation network security phishing ransomware remote learning security student data trojan video conferencing vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&CK for...- News
- Thread
- apt cisa cybersecurity data exfiltration fbi incident response malicious software mitigation multi-factor authentication network security phishing remote access security awareness security policies tactics techniques think tank threat actors vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- acunetix api security cisa cyber threats cybersecurity data exfiltration disinformation election security fbi incident response iranian apt malicious software mitigation reconnaissance sql injection user agent voter registration voting processes vulnerability scanning
- Replies: 0
- Forum: Security Alerts
-
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
Original release date: October 28, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- cisa continuity planning cyber threats cybersecurity data security data theft encryption fbi healthcare incident response malware mitigation network security phishing public health ransomware ryuk threat detection trickbot user awareness
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...- News
- Thread
- brute force cisa citrix issue credentials cybersecurity data exfiltration exchange server fbi government targets incident response krb-tgt mfa mitigation network compromise password reset russian apt sql injection threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Original release date: October 9, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint...- News
- Thread
- active directory apt cisa cve-2020-1472 cybersecurity elections exploitation fortinet incident response legacy systems malware mitigation monitoring netlogon network security privilege escalation remote access vpn vulnerability windows
- Replies: 0
- Forum: Security Alerts
-
AA20-280A: Emotet Malware
Original release date: October 6, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- antivirus brute force cisa cybersecurity data exfiltration detection email security emotet lateral movement malicious software malware mitigation mitre network security payload phishing ransomware threats trojan
- Replies: 1
- Forum: Security Alerts
-
AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions
Original release date: October 1, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and...- News
- Thread
- apt china cisa critical infrastructure cyber threats cybersecurity data breach espionage incident response intellectual property malware mitigation mitre att&ck phishing threat intelligence ttps us relations vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-266A: LokiBot Malware
Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- android trojan att&ck backdoor cisa credential theft cybersecurity data theft exfiltration incident response keylogger lokibot malspam malware mitigation password theft phishing spear phishing threat detection windows security
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploit fbi initial access iran mitigation network defense persistence rdp remote access security tactics techniques threat actors vpn vulnerability web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...- News
- Thread
- access control cybersecurity data exfiltration data security firewall incident management incident response indicators of compromise log management malicious software mitigation monitoring network security network segmentation remote access system administration threat analysis user education user training vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-227A: Phishing Emails Used to Deploy KONNI Malware
Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...- News
- Thread
- antivirus cisa command execution cybersecurity data exfiltration email security keylogging konni malware mitigation mitre att&ck phishing remote access security best practices shell commands threat detection user awareness vba windows
- Replies: 0
- Forum: Security Alerts
-
AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a...- News
- Thread
- access denied antivirus best practices cisa covid 19 credential theft cybersecurity email security government security indicator links malicious actors malware mitigation phishing remote attack sba threats vulnerability zero trust
- Replies: 0
- Forum: Security Alerts
-
AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices
Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which...- News
- Thread
- analysis backdoor campaign cisa credential scraper cybersecurity exfiltration firmware infection malware mitigation nas ncsc network storage persistence qnap qsnatch risk security threats
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response malware mitigation network segmentation patch management remote code execution security security advisory system compromise threat actors vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...- News
- Thread
- access control attack techniques cisa critical infrastructure cybersecurity data security incident response industrial control systems mitigation monitoring network security nsa operational technology patch management ransomware resilience planning risk management system mapping threat analysis vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...- News
- Thread
- access control antivirus best practices cybersecurity denial of service email security firewall geolocation incident response malicious software mitigation network spoofing private network removable media security updates situational awareness spoofing threat actors tunneling vulnerability
- Replies: 0
- Forum: Security Alerts