-
AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
Original release date: December 10, 2020 Summary This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). ...- News
- Thread
- command and control cyber threats cybersecurity data theft ddos distance learning education k-12 malware mitigation network security phishing ransomware remote learning security student data trojan video conferencing vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks
Original release date: December 1, 2020 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for...- News
- Thread
- apt cisa cybersecurity data exfiltration fbi incident response malicious software mitigation multi-factor authentication network security phishing remote access security awareness security policies tactics techniques think tanks threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
Original release date: October 30, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- acunetix api security cisa cyber threats cybersecurity data exfiltration disinformation election security fbi incident response iranian apt malicious software mitigation reconnaissance sql injection user agent voter registration voting processes vulnerability scanning
- Replies: 0
- Forum: Security Alerts
-
AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
Original release date: October 28, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...- News
- Thread
- cisa continuity planning cyber threats cybersecurity data security data theft encryption fbi healthcare incident response malware mitigation network security phishing public health ransomware ryuk threat detection trickbot user awareness
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...- News
- Thread
- brute force cisa citrix issue credentials cybersecurity data exfiltration exchange server fbi government targets incident response krb-tgt mfa mitigation network compromise password reset russian apt sql injection threat actors vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
Original release date: October 9, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint...- News
- Thread
- active directory apt cisa cve-2020-1472 cybersecurity elections exploitation fortinet incident response legacy systems malware mitigation monitoring netlogon network security privilege escalation remote access vpn vulnerabilities windows
- Replies: 0
- Forum: Security Alerts
-
AA20-280A: Emotet Malware
Original release date: October 6, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- antivirus brute force cisa cybersecurity data exfiltration detection email security emotet lateral movement malicious software malware mitigation mitre network security payload phishing ransomware threats trojan
- Replies: 1
- Forum: Security Alerts
-
AA20-275A: Potential for China Cyber Response to Heightened U.S.–China Tensions
Original release date: October 1, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and...- News
- Thread
- apt china cisa critical infrastructure cyber threats cybersecurity data breach espionage incident response intellectual property malware mitigation mitre att&ck phishing threat intelligence ttps us relations vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-266A: LokiBot Malware
Original release date: September 22, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- android trojan att&ck backdoor cisa credential theft cybersecurity data theft exfiltration incident response keylogger lokibot malspam malware mitigation password theft phishing spear phishing threat detection windows security
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploit fbi initial access iran mitigation network defense persistence rdp remote access security tactics techniques threat actors vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity
Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...- News
- Thread
- access control cybersecurity data exfiltration data security firewall incident management incident response indicators of compromise log management malicious software mitigation monitoring network security network segmentation remote access system administration threat analysis user education user training vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-227A: Phishing Emails Used to Deploy KONNI Malware
Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...- News
- Thread
- antivirus cisa command execution cybersecurity data exfiltration email security keylogging konni malware mitigation mitre att&ck phishing remote access security best practices shell commands threat detection user awareness vba windows
- Replies: 0
- Forum: Security Alerts
-
AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails
Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a...- News
- Thread
- access denied antivirus best practices cisa covid 19 credential theft cybersecurity email security government security indicator links malicious actors malware mitigation phishing remote attack sba threats vulnerability zero trust
- Replies: 0
- Forum: Security Alerts
-
AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices
Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which...- News
- Thread
- analysis backdoor campaign cisa credential scraper cybersecurity exfiltration firmware infection malware mitigation nas ncsc network storage persistence qnap qsnatch risk security threats
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response malware mitigation network segmentation patch management remote code execution security security advisory system compromise threat actors vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...- News
- Thread
- access control attack techniques cisa critical infrastructure cybersecurity data security incident response industrial control systems mitigation monitoring network security nsa operational technology patch management ransomware resilience planning risk management system mapping threat analysis vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...- News
- Thread
- access control antivirus best practices cybersecurity denial of service email security firewall geolocation incident response malicious software mitigation network spoofing private network removable media security updates situational awareness spoofing threat actors tunneling vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java
Original release date: July 13, 2020 Summary On July 13, 2020 EST, SAP released a Link Removed to address a critical vulnerability, Link Removed, affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this...- News
- Thread
- access application attacker cisa configuration cve-2020-6287 cybersecurity data exploitation integrity java mitigation monitoring netweaver patch recommendations sap security system vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-182A: EINSTEIN Data Trends – 30-day Lookback
Original release date: June 30, 2020 Summary Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is...- News
- Thread
- antivirus cisa cryptocurrency miner cybersecurity einstein ids kovter malware mitigation netsupport network security phishing rat remote access security updates situational awareness snort signatures threat detection xmrig
- Replies: 0
- Forum: Security Alerts
-
AA20-133A: Top 10 Routinely Exploited Vulnerabilities
Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector...- News
- Thread
- adobe flash best practices cisa cve cybersecurity exploitation fbi foreign actors indicator malware microsoft mitigation network security o365 patch management ransomware security threats vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts