Navigation section
network defense
-
AA21-243A: Ransomware Awareness for Holidays and Weekends
Original release date: August 31, 2021 Summary Immediate Actions You Can Take Now to Protect Against Ransomware • Make an offline backup of your data. • Do not click on Link Removed. • If you use RDP, secure and monitor it. • Link Removed your OS and software. • Use Link Removed. • Use Link...- News
- Thread
- best practices cisa cyber criminals cyber hygiene cyber trends cybersecurity data backup fbi incident reporting incident response it security malware multi-factor authentication network defense phishing ransomware remote desktop protocol threat awareness threat hunting vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA21-200A: Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
Original release date: July 19, 2021 Summary This Joint Cybersecurity Advisory was written by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to provide information on a Chinese Advanced Persistent Threat (APT) group known in open-source...- News
- Thread
- apt40 china compromise compromised credentials credential access cyber threat cybersecurity exfiltration hainan indicators information security intellectual property lateral movement malware mitre network defense state security tactics threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...- News
- Thread
- apt chirp cisa communication companion tool compromise forensic analysis forensics guidance incident response indicators of compromise malware network defense security siem solarwinds threat activity threat detection windows yara
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploits fbi initial access iran mitigations network defense persistence rdp remote access security tactics techniques threat actor vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Original release date: July 1, 2020 | Last revised: July 2, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This...- News
- Thread
- anonymity att&ck framework cisa command and control cyber threats cybersecurity data breaches exfiltration fbi identity cloaking incident response malicious activity malicious actors network defense network monitoring privacy risk mitigation threat assessment tor traffic analysis
- Replies: 0
- Forum: Security Alerts
-
AA20-106A: Guidance on the North Korean Cyber Threat
Original release date: April 15, 2020 | Last revised: June 23, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...- News
- Thread
- awareness critical infrastructure cryptojacking cyber threat cybercrime cybersecurity digital currency dprk espionage extortion financial theft government hidden cobra international cooperation malware mitigations network defense north korea ransomware sanctions
- Replies: 0
- Forum: Security Alerts
-
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
Original release date: October 11, 2018 Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.Link Removed[2][3][4]Link Removed In it we highlight the use of five...- News
- Thread
- china chopper command and control credential stealer cybersecurity exfiltration exploitation tools huc packet transmitter incident response jbifrost lateral movement malware mimikatz network defense network security powershell remote access trojan security practices threat detection vulnerabilities webshell
- Replies: 0
- Forum: Security Alerts
-
Your Network Needs to Be the First and Last Line in Your Cyber-Security Defense
Date: Tuesday, December 18, 2018Time: 02:00 PM Eastern Standard TimeDuration: 1 hour Most people think firewalls when it comes to network security and defending against cyber-threats. But with today’s increasingly sophisticated cyber-security threats Continue reading...- News
- Thread
- cyber security cyber threats defense firewalls it security network defense network security security best practices technology trends webinar
- Replies: 1
- Forum: Live RSS Feeds
-
TA18-275A: HIDDEN COBRA – FASTCash Campaign
Original release date: October 02, 2018 Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation...- News
- Thread
- atm banking infrastructure cyber threat cybersecurity dhs fastcash fbi financial fraud hidden cobra incident response iso 8583 malicious activity malware network defense payment systems risk mitigation spyware technical alert treasury vulnerability
- Replies: 0
- Forum: Security Alerts
-
TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
Original release date: May 29, 2018 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI...- News
- Thread
- brambul brute-force attack compromise indicators cybersecurity dhs fbi hidden cobra intrusion detection ip addresses it security joanap malware malware analysis mitigation strategies network defense network security remote access tool trojan worm
- Replies: 0
- Forum: Security Alerts
-
TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer
Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...- News
- Thread
- backdoor trojan botnet cybersecurity dhs fbi hidden cobra incident response indicators of compromise ip addresses malicious activity malware malware analysis mitigation network defense network security north korea spear phishing trojan user-agent volgmer
- Replies: 0
- Forum: Security Alerts
-
TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...- News
- Thread
- command and control cybersecurity dhs fallchill fbi hidden cobra incident response indicators of compromise ip addresses malware malware analysis malware detection mitigation techniques network defense network security north korea remote administration tool system information threat report tls communications
- Replies: 0
- Forum: Security Alerts
-
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...- News
- Thread
- adversarial tactics attack mitigation coordinated response cyber defense cyber security defensive action enterprise security industry collaboration information sharing malware eradication malware protection microsoft network defense risk management security practices security standards security vendors threat indicators threat intelligence trust building
- Replies: 0
- Forum: Security Alerts
-
Windows 7 Pentagon discloses massive cyber theft
Link Removed- JMH
- Thread
- collaboration computer networks cyber attack cyber theft cybersecurity data breach defense industry foreign government insider threat intrusion losses military network defense pentagon private industry security sensitive data strategy william lynn
- Replies: 0
- Forum: Windows Security
-
Cyber-Attacks on Gmail, Defense Industries Linked to China: Investigators
The hackers that launched attacks against Link Removed have passed their evidence along to the FBI, which is performing a follow-up investigation. Jinan is also the headquarters of the Chinese intelligence service, and both that organization and the PLA have repeatedly said that China is beefing...- reghakr
- Thread
- china cyberattacks cybersecurity defense denials evidence fbi gmail google hacking intelligence internet war military national debt network defense pla security trade relations trend micro us government
- Replies: 1
- Forum: The Water Cooler