Navigation section

network security

  1. News

    AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities

    Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...
    • News
    • Thread
    • cisa credential harvesting cyber threat cybersecurity exploit incident response integrity tool ivanti malware mitigations network security password management patch management pulse connect secure rce vulnerability security advisory software update threat actor vulnerabilities webshells
    • Replies: 0
    • Forum: Security Alerts
  2. News

    AA21-076A: TrickBot Malware

    Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...
    • News
    • Thread
    • antivirus attacks cisa command and control credential theft cybersecurity data exfiltration email security fbi malware mitigation mitre att&ck network security phishing social engineering spearphishing threat intelligence trickbot trojan windows
    • Replies: 0
    • Forum: Security Alerts
  3. News

    AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities

    Original release date: March 3, 2021 Summary Cybersecurity and Infrastructure Security (CISA) partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute...
    • News
    • Thread
    • active directory cve-2021-26855 cybersecurity exchange server forensic analysis incident response indicators of compromise malicious activity microsoft mitigations monitoring network security patches remote code execution security tactics threat intelligence user-agents vulnerabilities webshells
    • Replies: 0
    • Forum: Security Alerts
  4. News

    AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

    Original release date: December 10, 2020<br/><h3>Summary</h3><p>This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).</p>...
    • News
    • Thread
    • command and control cyber threats cybersecurity data theft ddos distance learning education it security k-12 malware mitigations network security phishing ransomware remote learning social engineering student data trojan video conferencing vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  5. News

    AA20-336A: Advanced Persistent Threat Actors Targeting U.S. Think Tanks

    Original release date: December 1, 2020<br/><h3>Summary</h3><p class="tip-intro" style="font-size: 15px;"><em>This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) framework. See the <a href="Techniques - Enterprise | MITRE ATT&CK®">ATT&amp;CK for...
    • News
    • Thread
    • apt cisa cybersecurity data exfiltration fbi incident response malicious activity mitigation multi-factor authentication network security phishing remote access security awareness security policy social engineering tactics techniques think tanks threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  6. News

    AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector

    Original release date: October 28, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 7 framework. See the ATT&CK for Enterprise version 7 for all referenced threat actor tactics and techniques. This joint cybersecurity advisory...
    • News
    • Thread
    • cisa continuity plans cyber threats cybersecurity data protection data theft encryption fbi healthcare incident response malware mitigation network security phishing public health ransomware ryuk threat detection trickbot user awareness
    • Replies: 0
    • Forum: Security Alerts
  7. News

    AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

    Original release date: October 9, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint...
    • News
    • Thread
    • active directory apt cisa cve-2020-1472 cybersecurity elections exploitation fortinet incident response legacy systems malware mitigation monitoring netlogon network security privilege escalation remote access vpn vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts
  8. News

    AA20-280A: Emotet Malware

    Original release date: October 6, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...
    • News
    • Thread
    • antivirus brute force cisa cybersecurity data exfiltration detection email security emotet lateral movement malicious software malware mitigation mitre network security payload phishing phishing email ransomware threat trojan
    • Replies: 1
    • Forum: Security Alerts
  9. News

    AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

    Original release date: September 14, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics...
    • News
    • Thread
    • apt chinese threats cisa cobalt strike command and control cybersecurity data breaches exploits incident response mimikatz mitre att&ck mss network security open source patch management ransomware spearphishing technical information threat actors vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  10. News

    AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

    Original release date: September 1, 2020 Summary This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[Link Removed] Canada,[2] New Zealand,[3][4] the United Kingdom,[5] and the United States.[Link Removed] It...
    • News
    • Thread
    • access control cybersecurity data exfiltration data protection firewall security incident management incident response indicators of compromise log management malicious activity mitigation techniques monitoring tools network security network segmentation remote access system administration threat analysis user education user training vulnerability assessment
    • Replies: 0
    • Forum: Security Alerts
  11. A

    Windows 10 Can we firewall a program in windows 10?

    Hi, Can I use the windows 10 firewall to firewall specific programs so they cannot get internet access? Thanks in advance.
    • anotherwindowsuser
    • Thread
    • application control connectivity issues firewall internet access network security program blocking security settings user guide windows 10 windows features
    • Replies: 11
    • Forum: Windows Help and Support
  12. News

    AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

    Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. Over recent...
    • News
    • Thread
    • access control attack techniques cisa control systems critical infrastructure cybersecurity data security incident response mitigation monitoring network security nsa operational technology ransomware resilience plan risk management software patching system mapping threat analysis vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  13. News

    AA20-182A: EINSTEIN Data Trends – 30-day Lookback

    Original release date: June 30, 2020 Summary Cybersecurity and Infrastructure Security Agency (CISA) analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System (IDS), known as EINSTEIN. This information is...
    • News
    • Thread
    • antivirus cisa cryptocurrency miner cybersecurity einstein ids kovter malware mitigation strategies netsupport network security phishing rat remote access tool security updates situational awareness snort signatures threat detection xmrig
    • Replies: 0
    • Forum: Security Alerts
  14. News

    AA20-133A: Top 10 Routinely Exploited Vulnerabilities

    Original release date: May 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader U.S. Government are providing this technical guidance to advise IT security professionals at public and private sector...
    • News
    • Thread
    • adobe flash best practices cisa cve cybersecurity exploitation fbi foreign actors indicators it security malware microsoft mitigations network security o365 patching ransomware threats vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  15. News

    AA20-126A: APT Groups Target Healthcare and Essential Services

    Original release date: May 5, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that...
    • News
    • Thread
    • apt groups authentication covid-19 cyber incidents cybersecurity data theft healthcare incident management intellectual property malicious activity mitigation network security password spraying pharmaceuticals remote work research organizations sensitive data supply chains threat actors vpn vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  16. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...
    • News
    • Thread
    • active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  17. News

    AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

    Original release date: July 1, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the...
    • News
    • Thread
    • anonymity apt cisa command and control cybersecurity data exfiltration data manipulation denial of service exploitation fbi incident response indicators of compromise malicious activity network monitoring network security reconnaissance risk mitigation security tools threat actors tor
    • Replies: 0
    • Forum: Security Alerts
  18. News

    AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

    Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...
    • News
    • Thread
    • active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  19. News

    AA20-010A: Continued Exploitation of Pulse Secure VPN Vulnerability

    Original release date: January 10, 2020 Summary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510, can become...
    • News
    • Thread
    • cisa cve-2019-11510 cyber attacks cybersecurity exploitation incident response malware mitigation network security patch management pulse secure rce remote access security advisory software update threat actors unauthorized access unpatched servers vpn vulnerability
    • Replies: 0
    • Forum: Security Alerts
  20. News

    [Ad管理者向け] 2020 年 Ldap 署名と Ldap チャネルバインディングが有効化。確認を!

    マイクロソフトでは、2020 年初頭に、Active Directory ドメイン環境内の LDAP 通信の安全性を向上するために、LDAP 署名、およびLDAP チャネルバインディング (LDAPS 利用時)を既定で有効化します。 The post [AD管理者向け] 2020 年 LDAP 署名と LDAP チャネルバインディングが有効化。確認を! appeared first on Microsoft Security Response Center. Continue reading...
    • News
    • Thread
    • active directory authentication channel binding configuration it administration ldap ldaps microsoft network security security
    • Replies: 0
    • Forum: Security Alerts
Back
Top