-
VIDEO AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following...- News
- Thread
- apt chirp cisa communication companion tool compromise forensics guidance incident response indicators of compromise malware network defense security siem solarwinds threat activity threat detection windows yara
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploit fbi initial access iran mitigation network defense persistence rdp remote access security tactics techniques threat actors vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor
Original release date: July 1, 2020 | Last revised: July 2, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This...- News
- Thread
- anonymity att&ck framework cisa command and control cyber threats cybersecurity data breach exfiltration fbi identity cloaking incident response malicious actors malicious software network defense network monitoring privacy risk mitigation threat mitigation tor traffic analysis
- Replies: 0
- Forum: Security Alerts
-
AA20-106A: Guidance on the North Korean Cyber Threat
Original release date: April 15, 2020 | Last revised: June 23, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...- News
- Thread
- awareness critical infrastructure cryptojacking cyber threats cybercrime cybersecurity digital currency dprk espionage extortion financial crime government hidden cobra international cooperation malware mitigation network defense north korea ransomware sanctions
- Replies: 0
- Forum: Security Alerts
-
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
Original release date: October 11, 2018 Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five...- News
- Thread
- chinachopper command and control credential theft cybersecurity exfiltration exploitation tools huc packet transmitter incident response jbifrost lateral movement malware mimikatz network defense network security powershell remote access trojan security best practices threat detection vulnerabilities webshell
- Replies: 0
- Forum: Security Alerts
-
Your Network Needs to Be the First and Last Line in Your Cyber-Security Defense
Date: Tuesday, December 18, 2018 | Time: 02:00 PM Eastern Standard Time | Duration: 1 hour. Most people think firewalls when it comes to network security and defending against cyber-threats. But with today’s increasingly sophisticated cyber-security threats...- News
- Thread
- cyber threats cybersecurity defense firewall network defense network security security security best practices tech industry trends webinar
- Replies: 1
- Forum: Live RSS Feeds
-
AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide
Original release date: October 11, 2018 Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States. In it we highlight the use of five...- News
- Thread
- apt chinachopper credential theft cybersecurity exfiltration huc incident response jbifrost lateral movement malware mimikatz network defense network monitoring phishing powershellempire publictools remote access security updates threat actors vulnerabilities
- Replies: 0
- Forum: Security Alerts
-
TA18-275A: HIDDEN COBRA – FASTCash Campaign
Original release date: October 02, 2018 Systems Affected Retail Payment Systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation...- News
- Thread
- atm banking cyber threats cybersecurity dhs fastcash fbi fraud hidden cobra incident response iso 8583 malicious software malware network defense payment methods risk mitigation spyware technical alert treasury vulnerability
- Replies: 0
- Forum: Security Alerts
-
TA18-149A: HIDDEN COBRA – Joanap Backdoor Trojan and Brambul Server Message Block Worm
Original release date: May 29, 2018 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI...- News
- Thread
- brambul brute force cybersecurity dhs fbi hidden cobra indicators of compromise intrusion detection ip address joanap malware mitigation network defense network security remote access security server message block trojan worm
- Replies: 0
- Forum: Security Alerts
-
TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer
Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...- News
- Thread
- backdoor trojan botnet cybersecurity dhs fbi hidden cobra incident response indicators of compromise ip address malicious software malware mitigation network defense network security north korea spear phishing trojan user agent volgmer
- Replies: 0
- Forum: Security Alerts
-
TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
Original release date: November 14, 2017 Systems Affected Network systems Overview This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS...- News
- Thread
- command and control cyber threat reporting cybersecurity dhs fallchill fbi hidden cobra incident response indicators of compromise ip address malware mitigation network defense network security north korea remote administration tool system information tls
- Replies: 0
- Forum: Security Alerts
-
The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries
It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work...- News
- Thread
- adversarial attacks coordinated response cyber defense cybersecurity defensive action enterprise security industry collaboration information sharing malware malware eradication microsoft network defense risk management security best practices security standards security vendors threat analysis threat intelligence threat mitigation trust
- Replies: 0
- Forum: Security Alerts
-
Windows 7 Pentagon discloses massive cyber theft
Link Removed- JMH
- Thread
- collaboration cyber theft cyberattack cybersecurity data breach defense industry foreign government insider threats intrusion loss military network network defense pentagon private sector security sensitive data strategy william lynn
- Replies: 0
- Forum: Windows Security
-
Cyber-Attacks on Gmail, Defense Industries Linked to China: Investigators
The hackers that launched attacks against Link Removed have passed their evidence along to the FBI, which is performing a follow-up investigation. Jinan is also the headquarters of the Chinese intelligence service, and both that organization and the PLA have repeatedly said that China is beefing...- reghakr
- Thread
- china cyber threats cybersecurity defense denial evidence fbi gmail google government hacking intelligence internet war military national debt network defense pla security trade relations trend micro
- Replies: 1
- Forum: The Water Cooler