Navigation section
threat actor
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus
Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint...- News
- Thread
- active directory apt attack techniques cisa critical infrastructure cve-2021-44077 cybersecurity exploitation fbi indicators of compromise it consulting mitigation rce remote code servicedesk threat actor update vulnerability webshells zoho
- Replies: 0
- Forum: Security Alerts
-
AA21-259A: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
Original release date: September 16, 2021 Summary This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 8. See the ATT&CK for Enterprise for referenced threat actor tactics and for techniques. This joint advisory is...- News
- Thread
- adselfservice apt actors authentication bypass cisa critical infrastructure cve-2021-40539 cyber command cybersecurity data exfiltration exploit fbi incident response manageengine mitigations remote code execution security advisory technical details threat actor vulnerability webshells
- Replies: 0
- Forum: Security Alerts
-
AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs
Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...- News
- Thread
- apt29 cisa cobalt strike compromise cybersecurity detection email security emerging threats fbi government incident response indicators iso file malware mitigations phishing risk management spearphishing threat actor user training
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
Original release date: May 11, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security...- News
- Thread
- access control business resilience cisa critical infrastructure cybersecurity darkside data backup encryption fbi incident response it security malware mitigations network segmentation phishing prevention ransomware technical details threat actor user training
- Replies: 0
- Forum: Security Alerts
-
AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities
Original release date: April 20, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises affecting U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020...- News
- Thread
- cisa credential harvesting cyber threat cybersecurity exploit incident response integrity tool ivanti malware mitigations network security password management patch management pulse connect secure rce vulnerability security advisory software update threat actor vulnerabilities webshells
- Replies: 0
- Forum: Security Alerts
-
AA20-296A: Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Original release date: October 22, 2020 Summary This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques This joint cybersecurity...- News
- Thread
- brute force cisa citrix bug credentials cybersecurity data exfiltration fbi government targets incident response krb-tgt mfa microsoft exchange mitigation network compromise password reset russian apt sql injection threat actor vpn security vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities
Original release date: September 15, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...- News
- Thread
- cisa cve cybersecurity data exfiltration exploits fbi initial access iran mitigations network defense persistence rdp remote access security tactics techniques threat actor vpn vulnerabilities web shells
- Replies: 0
- Forum: Security Alerts
-
AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902
Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902...- News
- Thread
- cisa credential theft cve-2020-5902 cybersecurity data exfiltration detection digital security exploitation f5 big-ip incident response it security malware mitigation network segmentation patch management remote code execution security advisory system compromise threat actor vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation
Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing...- News
- Thread
- access control antivirus best practices cybersecurity denial of service email safety firewall geolocation incident response malicious activity mitigations network tunneling packet spoofing removable media security updates situational awareness spoofing threat actor virtual private network vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 | Last revised: June 30, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations...- News
- Thread
- active directory cisa credential dumping cve-2019-11510 cybersecurity detection exploitation incident response indicators of compromise iocs lateral movement mitigation network security pulse secure ransomware remote access remote services threat actor vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
AA20-107A: Continued Threat Actor Exploitation Post Pulse Secure VPN Patching
Original release date: April 16, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update...- News
- Thread
- active directory credential theft cve-2019-11510 cyber threat cybersecurity data exfiltration detection exploitation incident response indicators of compromise lateral movement malware mitigation network security patching pulse secure remote access threat actor vpn vulnerability
- Replies: 0
- Forum: Security Alerts
-
VIDEO AA20-049A: Ransomware Impacting Pipeline Operations
Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...- News
- Thread
- cisa control systems cybersecurity data backup data integrity emergency response hmi incident response infrastructure it network loss of productivity mitigation network segmentation operational technology ot network phishing pipeline security ransomware spearphishing threat actor
- Replies: 0
- Forum: Security Alerts