Alerts 2022
December 31, 2022 - CISA
TIBCO JasperReports Server Information Disclosure Vulnerability Full Text
Abstract
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.
January 5, 2023 - NIST
Control Web Panel or CentOS Web Panel CVE-2022-44877 Detail Full Text
Abstract
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
December 21, 2022 - FBI
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users Full Text
Abstract
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.
December 19, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
December 15, 2022 - FBI, FDA OCI, USDA
Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are releasing this joint Cybersecurity Advisory (CSA) to advise the Food & Agriculture sector about recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars.
December 13, 2022 - NSA, CISA, ODNI
NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing Full Text
Abstract
Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing. The guidance builds upon ESF’s Potential Threat Vectors to 5G Infrastructure, published in 2021.
December 12, 2022 - HC3
LockBit 3.0 Ransomware Full Text
Abstract
LockBit 3.0 is the newest version of the LockBit ransomware that was first discovered in September 2019. The ransomware family has a history of using the Ransomware-as-a-service (RaaS) model and typically targets organizations that could pay higher ransoms. Historically, this ransomware employs a double extortion technique where sensitive data is encrypted and exfiltrated. The actor requests payment to decrypt data and threatens to leak the sensitive data if the payment is not made. With the new release, it appears that the ransomware is using a triple extortion model where the affected victim may also be asked to purchase their sensitive information. Since its appearance, HC3 is aware of LockBit 3.0 attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of ransomware victimizing the healthcare community, LockBit 3.0 should be considered a threat to the HPH sector.
December 7, 2022 - HC3
Royal Ransomware Full Text
Abstract
Royal is a human-operated ransomware that was first observed in 2022 and has increased in appearance. It has demanded ransoms up to millions of dollars. Since its appearance, HC3 is aware of attacks against the Healthcare and Public Healthcare (HPH) sector. Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the HPH sector.
December 5, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
December 1, 2022 - FBI, CISA
#StopRansomware: Cuba Ransomware Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Cuba ransomware IOCs and TTPs associated with Cuba ransomware actors identified through FBI investigations, third-party reporting, and open-source reporting. This advisory updates the December 2021 FBI Flash: Indicators of Compromise Associated with Cuba Ransomware.
November 30, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
November 29, 2022 - CISA
Mitsubishi Electric FA Engineering Software Full Text
Abstract
Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials, Use of Hard-coded Cryptographic Key, Cleartext Storage of Sensitive Information in Memory
November 25, 2022 - FCC
FCC Bans Authorizations for Devices That Pose National Security Threat Full Text
Abstract
FCC Bans Equipment Authorizations For Chinese Telecommunications And Video Surveillance Equipment Deemed To Pose A Threat To National Security
November 17, 2022 - FBI, CISA, HHS
#StopRansomware: Hive Ransomware Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this joint CSA to disseminate known Hive IOCs and TTPs identified through FBI investigations as recently as November 2022.
November 15, 2022 - NSA
Software Memory Safety Full Text
Abstract
Modern society relies heavily on software-based automation, implicitly trusting developers to write software that operates in the expected way and cannot be compromised for malicious purposes. While developers often perform rigorous testing to prepare the logic in software for surprising conditions, exploitable software vulnerabilities are still frequently based on memory issues. Examples include overflowing a memory buffer and leveraging issues with how software allocates and deallocates memory. Microsoft® revealed at a conference in 2019 that from 2006 to 2018 70 percent of their vulnerabilities were due to memory safety issues. [1] Google® also found a similar percentage of memory safety vulnerabilities over several years in Chrome®. [2] Malicious cyber actors can exploit these vulnerabilities for remote code execution or other adverse effects, which can often compromise a device and be the first step in large-scale network intrusions.
November 11, 2022 - CISA
STAKEHOLDER-SPECIFIC VULNERABILITY CATEGORIZATION Full Text
Abstract
Carnegie Mellon University's Software Engineering Institute (SEI), in collaboration with CISA, created the Stakeholder-Specific Vulnerability Categorization (SSVC) system in 2019 to provide the cyber community a vulnerability analysis methodology that accounts for a vulnerability's exploitation status, impacts to safety, and prevalence of the affected product in a singular system. CISA worked with SEI in 2020 to develop its own customized SSVC decision tree to examine vulnerabilities relevant to the United States government (USG), as well as state, local, tribal, and territorial (SLTT) governments, and critical infrastructure entities. Implementing SSVC has allowed CISA to better prioritize its vulnerability response and vulnerability messaging to the public.
November 10, 2022 - FBI
Scammers Using Computer-Technical Support Impersonation Scams to Target Victims and Conduct Wire Transfers Full Text
Abstract
As recently as October 2022, the FBI observed several instances nationwide of scammers conducting computer-technical support scams, where criminals pose as service representatives of a company's technical or computer repair service and contact victims through email or by telephone about a highly priced, soon-to-renew subscription. Scammers request victims contact the scammers at a provided telephone number or email to cancel the renewal and receive a varying refund amount. After the victims contact the scammers, they attempt to obtain personal and banking information that is then used to conduct unauthorized wire transfers of funds held within the targeted victim's accounts. Targeted victims generally fall within the elderly population.
November 9, 2022 - HC3
Venus Ransomware Targets Publicly Exposed Remote Desktop Services Full Text
Abstract
HC3 is aware of at least one healthcare entity in the United States falling victim to Venus ransomware recently. The threat actors behind Venus ransomware operations are known to target publicly exposed Remote Desktop Services to encrypt Windows devices. This report provides additional information, indicators of compromise, techniques and corresponding mitigations associated with Venus ransomware.
November 7, 2022 - Department of Defense
DoD Zero Trust Strategy Full Text
Abstract
Our adversaries are in our networks, exfiltrating our data, and exploiting the Department’s users. The rapid growth of these offensive threats emphasizes the need for the Department of Defense (DoD) to adapt and significantly improve our deterrence strategies and cybersecurity implementations. Defending DoD networks with high-powered and ever-more sophisticated perimeter defenses is no longer sufficient for achieving cyber resiliency and securing our information enterprise that spans geographic borders, interfaces with external partners, and support to millions of authorized users, many of which now require access to DoD networks outside traditional boundaries, such as work from home. To meet these challenges, the DoD requires an enhanced cybersecurity framework built upon Zero Trust principles that must be adopted across the Department, enterprise-wide, as quickly as possible as described within this document.
November 4, 2022 - FBI
Hacktivists Use of DDoS Activity Causes Minor Impacts Full Text
Abstract
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight hacktivism activity and encourage organizations to implement the recommendations in the Mitigations section to reduce the likelihood and impact of distributed denial of service (DDoS) attack.
November 3, 2022 - HHS, HC3
Iranian Threat Actors & Healthcare Full Text
Abstract
- Analysis of the Iranian Cyber Attack Landscape - Iranian Cyber Threat Actors - Iran Cyberattacks in the News - Attack Analysis - Tactics, Techniques, and Procedures (TTPs) & Mitigations
November 3, 2022 - CISA
CISA Releases Three Industrial Control Systems Advisories Full Text
Abstract
CISA has released three (3) Industrial Control Systems (ICS) advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
October 25, 2022 - CISA
CISA Releases Eight Industrial Control Systems Advisories Full Text
Abstract
CISA has released eight (8) Industrial Control Systems (ICS) advisories on October 25, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
October 21, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
October 21, 2022 - CISA
#StopRansomware: Daixin Team Full Text
Abstract
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services (HHS) are releasing this joint CSA to provide information on the “Daixin Team,” a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.
October 20, 2022 - CISA
SCUBA DIVES DEEPER TO HELP FEDERAL AGENCIES SECURE THEIR CLOUD ENVIRONMENTS PUBLISHES SECURITY CONFIGURATION BASELINES FOR MICROSOFT 365 Full Text
Abstract
In April, CISA announced the Secure Cloud Business Applications (SCuBA) project to help secure federal civilian executive branch (FCEB) information assets stored within cloud environments through consistent, effective, modern, and manageable security configurations. Today, we are excited to announce the latest contribution of the SCuBA project: a series of recommended security configuration baselines for Microsoft 365 (M365). These baselines will kick off a series of pilot efforts to advance cloud security practices across the FCEB and more effectively safeguard sensitive information and government services.
October 20, 2022 - FBI
FBI PIN TLP White: Iranian Cyber Group Emennet Pasargad Conducting Hack-and-Leak Operations Using False-Flag Personas Full Text
Abstract
The FBI is providing information concerning ongoing hack-and-leak cyber operations conducted by Iranian cyber group Emennet Pasargad. According to FBI information, since at least 2020, Emennet targeted entities primarily in Israel with cyber-enabled information operations that included an initial intrusion, theft and subsequent leak of data, followed by amplification through social media and online forums, and in some cases the deployment of destructive encryption malware. To avoid attribution, Emennet executed false-flag campaigns under the guise of multiple personas like hacktivist or cyber-criminal groups. Although Emennet’s latest attacks have primarily targeted Israel, the FBI judges these techniques may be used to target US entities as seen during Emennet’s cyber-enabled information operation that targeted the 2020 US Presidential election. Within the past year, the FBI has identified a destructive cyber attack against a US organization – indicating the group remains a cyber threat to the United States.
October 18, 2022 - TSA
TSA issues new cybersecurity requirements for passenger and freight railroad carriers Full Text
Abstract
WASHINGTON – The Transportation Security Administration (TSA) announced a new cybersecurity security directive regulating designated passenger and freight railroad carriers. Today’s announcement demonstrates the Biden-Harris Administration’s commitment to strengthen the cybersecurity of U.S. critical infrastructure. Building on the TSA’s work to strengthen defenses in other transportation modes, this security directive will further enhance cybersecurity preparedness and resilience for the nation’s railroad operations.
October 18, 2022 - FBI
CISA Releases Two Industrial Control Systems Advisories Full Text
Abstract
CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
October 18, 2022 - FBI
Potential Fraud Schemes Targeting Individuals Seeking Federal Student Loan Forgiveness Full Text
Abstract
The FBI warns of the potential for fraudulent websites, e-mails, texts, or phone scams aiming to defraud individuals seeking federal student loan forgiveness. Scammers will aim to solicit personally identifiable information, financial information, or payment from potential victims.
October 18, 2022 - FTC
Now that the student loan debt relief application is open, spot the scams Full Text
Abstract
The Department of Education (ED)’s application for federal student loan debt relief is now open and, of course, scammers are on the move — trying to get your money and personal information. Luckily, there are ways to stop them, so keep reading to find out how to protect yourself as you apply for relief.
October 6, 2022 - HHS, HC3
Abuse of Legitimate Security Tools and Health Sector Cybersecurity Full Text
Abstract
The same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. Cobalt Strike, PowerShell, Mimikatz, Sysinternals, Anydesk, Brute Ratel, References
October 6, 2022 - NSA, FBI, CISA
Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors Full Text
Abstract
This joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). PRC state-sponsored cyber actors continue to exploit known vulnerabilities to actively target U.S. and allied networks as well as software and hardware companies to steal intellectual property and develop access into sensitive networks.
October 6, 2022 - FBI, CISA
Foreign Actors Likely to Use Information Manipulation Tactics for 2022 Midterm Elections Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are raising awareness of the potential threat posed by attempts to manipulate information or spread disinformation in the lead up to and after the 2022 midterm elections.
October 4, 2022 - CISA
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization Full Text
Abstract
From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to advanced persistent threat (APT) activity on a Defense Industrial Base (DIB) Sector organization’s enterprise network. During incident response activities, CISA uncovered that likely multiple APT groups compromised the organization’s network, and some APT actors had long-term access to the environment. APT actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim’s sensitive data.
October 3, 2022 - CISA
CISA DIRECTS FEDERAL AGENCIES TO IMPROVE CYBERSECURITY ASSET VISIBILITY AND VULNERABILITY DETECTION Full Text
Abstract
Over the past several years, CISA has been working urgently to gain greater visibility into risks facing federal civilian networks, a gap made clear by the intrusion campaign targeting SolarWinds devices. The Biden-Harris Administration and Congress have supported significant progress by providing key authorities and resources. This Directive takes the next step by establishing baseline requirements for all Federal Civilian Executive Branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA on defined intervals.
October 3, 2022 - FBI
Cryptocurrency Investment Schemes Full Text
Abstract
The FBI Miami Field Office, in coordination with the Internet Crime Complaint Center (IC3), warns of investment schemes involving cryptocurrency, called Pig Butchering. In this scheme, fraudsters, posing as highly successful traders in cryptocurrency, entice victims to make purported investments in cryptocurrency providing fictitious returns to encourage additional investments.
September 30, 2022 - CISA
Hurricane-Related Scams Full Text
Abstract
CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.
September 28, 2022 - IRS
IRS reports significant increase in texting scams; warns taxpayers to remain vigilant Full Text
Abstract
WASHINGTON — The Internal Revenue Service today warned taxpayers of a recent increase in IRS-themed texting scams aimed at stealing personal and financial information.
September 23, 2022 - CISA
CISA Has Added One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
September 22, 2022 - NSA
NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It Full Text
Abstract
FORT MEADE, Md. — The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory today that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.
September 22, 2022 - CISA
CISA Has Added One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
September 21, 2022 - FBI, CISA
Iranian State Actors Conduct Cyber Operations Against the Government of Albania Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B.
September 14, 2022 - FBI
Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses Full Text
Abstract
The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files, healthcare portals, payment information, and websites. In one case, the attacker changed victims’ direct deposit information to a bank account controlled by the attacker, redirecting $3.1 million from victims’ payments.
September 14, 2022 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
September 12, 2022 - CISA, DHS
Request for Information on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Request for Information (RFI) to receive input from the public as CISA develops proposed regulations required by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA).
September 9, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
September 8, 2022 - CISA
Baxter Sigma Spectrum Infusion Pump Full Text
Abstract
The Baxter Spectrum WBM (v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D19 to v22D28) stores network credentials and patient health information (PHI) in unencrypted form. PHI is only stored in Spectrum IQ pumps using auto programming. An attacker with physical access to a device without all data and settings erased may be able to extract sensitive information.
September 6, 2022 - FBI, CISA, MS-ISAC
#StopRansomware: Vice Society Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate IOCs and TTPs associated with Vice Society actors identified through FBI investigations as recently as September 2022. The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks.
September 1, 2022 - CISA
Contec Health CMS8000 Full Text
Abstract
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a drive-by attack to load the firmware on any CMS8000 device.
September 1, 2022 - NSA, CISA, ODNI
NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers Full Text
Abstract
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers today. The product is through the Enduring Security Framework (ESF) — a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high priority threats to the nation’s critical infrastructure.
August 30, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
August 29, 2022 - FBI
Cyber Criminals Increasingly Exploit Vulnerabilities in Decentralized Finance Platforms to Obtain Cryptocurrency, Causing Investors to Lose Money Full Text
Abstract
The FBI is warning investors cyber criminals are increasingly exploiting vulnerabilities in decentralized finance (DeFi) platforms to steal cryptocurrency, causing investors to lose money. The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to steal investors’ cryptocurrency. The FBI encourages investors who suspect cyber criminals have stolen their DeFi investments to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
August 24, 2022 - CISA
Preparing Critical Infrastructure for Post-Quantum Cryptography Full Text
Abstract
CISA has released CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography, which outlines the actions that critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024.
August 22, 2022 - CISA
CISA Adds One Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
August 20, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
August 18, 2022 - FBI
Proxies and Configurations Used for Credential Stuffing Attacks on Online Customer Accounts Full Text
Abstract
The FBI is highlighting significant details about proxies and configurations used by cyber criminals to mask and automate credential stuffing attacks on US companies, resulting in financial losses associated with fraudulent purchases, customer notifications, system downtime and remediation, as well as reputational damage. Credential stuffing attacks, commonly referred to as account cracking, apply valid username and password combinations, also known as user credentials or “combo lists”, from previously compromised online resources or data leaks.
August 13, 2022 - CISA
CYBERSECURITY TOOLKIT TO PROTECT ELECTIONS Full Text
Abstract
As the lead federal agency responsible for national election security, CISA—through the Joint Cyber Defense Collaborative (JCDC)—has compiled a toolkit of free services and tools intended to help state and local government officials, election officials, and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure. This toolkit includes free tools, services, and resources provided by CISA, JCDC members, and others across the cybersecurity community.
August 11, 2022 - CISA
#StopRansomware: Zeppelin Ransomware Full Text
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022.
August 5, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
August 4, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
August 2, 2022 - CISA, ACSC
CISA and ACSC Release Top 2021 Malware Strains Full Text
Abstract
CISA and the Australian Cyber Security Centre (ACSC) have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been using most of these top malware strains for more than five years, organizations have opportunities to better prepare, identify, and mitigate attacks from these strains.
August 1, 2022 - FEMA
Emergency Alert System (EAS) Vulnerability Full Text
Abstract
We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network).
July 29, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
July 28, 2022 - FCC
Robotext Scams on the Rise Full Text
Abstract
Robotext scams are on the rise and may even be passing robocalls as a tool for con artists. Like robocalls, texts can be spoofed to mask the originating number and make it appear that the text is coming from a number you’re more likely to trust. Spoofers may opt for a local number, or impersonate a government agency, such as the IRS, or a company you’re familiar with. Scammers use these methods to get you to respond to a text.
July 21, 2022 - TSA
TSA revises and reissues cybersecurity requirements for pipeline owners and operators Full Text
Abstract
WASHINGTON – The Transportation Security Administration (TSA) announced the revision and reissuance of its Security Directive regarding oil and natural gas pipeline cybersecurity. This revised directive will continue the effort to build cybersecurity resiliency for the nation’s critical pipelines.
July 20, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
July 18, 2022 - FBI
Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors Full Text
Abstract
The FBI is warning financial institutions and investors about cyber criminals creating fraudulent cryptocurrency investment applications (apps) to defraud cryptocurrency investors. The FBI has observed cyber criminals contacting US investors, fraudulently claiming to offer legitimate cryptocurrency investment services, and convincing investors to download fraudulent mobile apps, which the cyber criminals have used with increasing success over time to defraud the investors of their cryptocurrency. The FBI has identified 244 victims and estimates the approximate loss associated with this activity to be $42.7 million. The FBI encourages financial institutions and their customers who suspect they have been defrauded through fake cryptocurrency investment apps to contact the FBI via the Internet Crime Complaint Center or their local FBI field office.
July 14, 2022 - CISA
Juniper Networks Releases Security Updates for Multiple Products Full Text
Abstract
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
July 12, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
July 11, 2022 - FTC
Location, health, and other sensitive information: FTC committed to fully enforcing the law against illegal use and sharing of highly sensitive data Full Text
Abstract
Among the most sensitive categories of data collected by connected devices are a person’s precise location and information about their health. Smartphones, connected cars, wearable fitness trackers, “smart home” products, and even the browser you’re reading this on are capable of directly observing or deriving sensitive information about users.
July 6, 2022 - FBI, CISA, Treasury
North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector Full Text
Abstract
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.
July 6, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
July 1, 2022 - CISA
GUIDANCE ON APPLYING JUNE MICROSOFT PATCH TUESDAY UPDATE FOR CVE-2022-26925 Full Text
Abstract
Per CISA’s Binding Operational Directive 22-01, Federal Civilian Executive Branch agencies must apply Microsoft’s June 2022 Patch Tuesday update by July 22, 2022. This update also includes remediations for CVE-2022-26923 and CVE-2022-26931, which changed the way certificates are mapped to accounts in Active Directory.
June 30, 2022 - FBI, CISA, FinCEN
StopRansomware: MedusaLocker Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN) are releasing this CSA to provide information on MedusaLocker ransomware.
June 28, 2022 - FBI
Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Full Text
Abstract
The FBI Internet Crime Complaint Center (IC3) warns of an increase in complaints reporting the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions. Deepfakes include a video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.
June 27, 2022 - CISA
CISA Adds Eight Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
June 23, 2022 - CISA, CGCYBER
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.
June 22, 2022 - FTC
Spot extortion scams on LGBTQ+ dating apps Full Text
Abstract
It’s Pride Month and maybe you’re trying to meet someone on an LGBTQ+ dating app. The FTC is hearing about scams targeting people on LGBTQ+ dating apps, like Grindr and Feeld. And they aren’t your typical I-love-you, please-send-money romance scams. They’re extortion scams.
June 22, 2022 - CISA
Keeping PowerShell: Measures to Use and Embrace Full Text
Abstract
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.
June 9, 2022 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
June 8, 2022 - CISA
CISA Adds 36 Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
June 7, 2022 - CISA
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices Full Text
Abstract
CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) to provide information on ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure across public and private sector organizations. The advisory details PRC state-sponsored targeting and compromise of major telecommunications companies and network service providers. It also provides information on the top vulnerabilities associated with network devices routinely exploited by PRC cyber actors since 2020.
June 2, 2022 - CISA
Illumina Local Run Manager Full Text
Abstract
Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. An attacker could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.
June 1, 2022 - FBI, CISA, Treasury, FinCEN
Karakurt Data Extortion Group Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation.
May 31, 2022 - FBI
The FBI Warns of Scammers Soliciting Donations Related to the Crisis in Ukraine Full Text
Abstract
The FBI warns the public of fraudulent schemes seeking donations or other financial assistance related to the crisis in Ukraine.
May 26, 2022 - FBI
Compromised US Academic Credentials Identified Across Various Public and Dark Web Forums Full Text
Abstract
The FBI is informing academic partners of identified US college and university credentials advertised for sale on online criminal marketplaces and publicly accessible forums. This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.
May 26, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
May 23, 2022 - CISA
CISA Adds 21 Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
May 18, 2022 - CISA
Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2022-1388. This recently disclosed vulnerability in certain versions of F5 Networks, Inc., (F5) BIG-IP enables an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.
May 18, 2022 - CISA
EMERGENCY DIRECTIVE 22-03 MITIGATE VMWARE VULNERABILITIES Full Text
Abstract
Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE-2022-22954 and CVE-2022-22960) in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. VMware released an update to address these vulnerabilities on April 6, 2022, and threat actors were able to reverse engineer the update and begin exploitation of impacted VMware products that remained unpatched within 48 hours of the update’s release.
May 17, 2022 - CISA, the FBI, NSA, CCCS, NCSC-NZ, CERT-NZ, NCSC-NL, and NCSC-UK
[Full Version] Weak Security Controls and Practices Routinely Exploited for Initial Access Full Text
Abstract
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
May 16, 2022 - U.S. DEPARTMENT of STATE, U.S. DEPARTMENT OF THE TREASURY, FBI
[Full Version] Guidance on the Democratic People’s Republic of Korea Information Technology Workers Full Text
Abstract
The U.S. Department of State, the U.S. Department of the Treasury, and the Federal Bureau of Investigation (FBI) are issuing this advisory for the international community, the private sector, and the public to warn of attempts by Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers to obtain employment while posing as non-North Korean nationals.
May 16, 2022 - U.S. DEPARTMENT of STATE, U.S. DEPARTMENT OF THE TREASURY, FBI
Guidance on the Democratic People’s Republic of Korea Information Technology Workers Full Text
Abstract
The U.S. Department of State, the U.S. Department of the Treasury, and the Federal Bureau of Investigation issued a joint advisory to alert the international community, the private sector, and the public to attempts by the Democratic People’s Republic of Korea (DPRK) and remote DPRK information technology (IT) workers to obtain employment while posing as non-DPRK nationals.
May 16, 2022 - CISA
Weak Security Controls and Practices Routinely Exploited for Initial Access Full Text
Abstract
Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues.
May 16, 2022 - FBI
[Full Version] Cyber Actors Scrape Credit Card Data from US Business Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code Full Text
Abstract
As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page. The FBI has identified and is sharing new indicators of compromise (IOCs), which may assist in network defense.
May 16, 2022 - FBI
Cyber Actors Scrape Credit Card Data from US Business Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code Full Text
Abstract
As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server. The unidentified cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page. The FBI has identified and is sharing new indicators of compromise (IOCs), which may assist in network defense.
May 13, 2022 - CISA
CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog Full Text
Abstract
CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers.
May 11, 2022 - CISA
CYBERUK22 Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency – Full Keynote Full Text
Abstract
"Will we lead on the development of smart tech and the growth of smart cities in a way that is not just secure by design but engineered for privacy by design?," asked Easterly, speaking via video at the National Cyber Security Centre's (NCSC) Cyber UK conference in Newport, Wales.
May 11, 2022 - NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, FBI
Protecting Against Cyber Threats to Managed Service Providers and their Customers Full Text
Abstract
The cybersecurity authorities of the United Kingdom (NCSC-UK), Australia (ACSC), Canada (CCCS), New Zealand (NCSC-NZ), and the United States (CISA), (NSA), (FBI) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue.[1]
May 10, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerability in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
May 10, 2022 - CISA
SHIELDS UP Full Text
Abstract
Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.
May 5, 2022 - NIST
NIST Updates Cybersecurity Guidance for Supply Chain Risk Management Full Text
Abstract
A vulnerable spot in global commerce is the supply chain: It enables technology developers and vendors to create and deliver innovative products but can leave businesses, their finished wares, and ultimately their consumers open to cyberattacks. A new update to the National Institute of Standards and Technology’s (NIST’s) foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services.
May 4, 2022 - White House
National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems Full Text
Abstract
This memorandum outlines my Administration’s policies and initiatives related to quantum computing. It identifies key steps needed to maintain the Nation’s competitive advantage in quantum information science (QIS), while mitigating the risks of quantum computers to the Nation’s cyber, economic, and national security.
May 4, 2022 - FBI
Business Email Compromise: The $43 Billion Scam Full Text
Abstract
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
April 27, 2022 - CISA, NSA, FBI, ACSC, CCCS, NZ NCSC, NCSC-UK
2021 Top Routinely Exploited Vulnerabilities Full Text
Abstract
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
April 27, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
April 20, 2022 - FBI
Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons Full Text
Abstract
The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain.
April 19, 2022 - FBI
BlackCat/ALPHV Ransomware Indicators of Compromise Full Text
Abstract
This FLASH is part of a series of FBI reports to disseminate known indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) associated with ransomware variants identified through FBI investigations. As of March 2022, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities worldwide and is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing.
April 19, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
April 18, 2022 - CISA, FBI, Treasury
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. For more information on North Korean state-sponsored malicious cyber activity, visit https://www.us-cert.cisa.gov/northkorea.
April 14, 2022 - FBI
Cybercriminals Trick Victims into Transferring Funds to “Reverse” Instant Payments Full Text
Abstract
Cybercriminals are targeting victims by sending text messages with what appear to be bank fraud alerts asking if the customer initiated an instant money transfer using digital payment applications (apps). Once the victim responds to the alert, the cybercriminal then calls from a number which appears to match the financial institution's legitimate 1-800 support number. Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors.
April 13, 2022 - DOE, CISA, NSA
APT Cyber Tools Targeting ICS/SCADA Devices Full Text
Abstract
The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:
April 11, 2022 - CISA
CISA Adds Eight Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
March 29, 2022 - FBI
Cyber Actors Target US Election Officials with Invoice-Themed Phishing Campaign to Harvest Credentials Full Text
Abstract
The FBI is warning US election and other state and local government officials about invoice-themed phishing emails that could be used to harvest officials’ login credentials. If successful, this activity may provide cyber actors with sustained, undetected access to a victim’s systems. As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials. These emails shared similar attachment files, used compromised email addresses, and were sent close in time, suggesting a concerted effort to target US election officials.
March 29, 2022 - CISA
Mitigating Attacks Against Uninterruptable Power Supply Devices Full Text
Abstract
CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet.
March 28, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG
March 24, 2022 - CISA, FBI, DOE
Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector Full Text
Abstract
This joint Cybersecurity Advisory (CSA)—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)—provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 and targeted U.S. and international Energy Sector organizations. CISA, the FBI, and DOE responded to these campaigns with appropriate action in and around the time that they occurred. CISA, the FBI, and DOE are sharing this information in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.
March 21, 2022 - The White House
FACT SHEET: Act Now to Protect Against Potential Cyberattacks Full Text
Abstract
The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.
March 21, 2022 - The White House
Statement by President Biden on our Nation’s Cybersecurity Full Text
Abstract
This is a critical moment to accelerate our work to improve domestic cybersecurity and bolster our national resilience. I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners.
March 17, 2022 - FBI, US Treasury, The Department of The Treasury
Indicators of Compromise Associated with AvosLocker Ransomware Full Text
Abstract
AvosLocker is a Ransomware as a Service (RaaS) affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. AvosLocker claims to directly handle ransom negotiations, as well as the publishing and hosting of exfiltrated victim data after their affiliates infect targets. As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.
March 17, 2022 - CISA, FBI
Strengthening Cybersecurity of SATCOM Network Providers and Customers Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments.
March 15, 2022 - CISA
Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability Full Text
Abstract
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability
March 9, 2022 - CISA
Conti Ransomware Full Text
Abstract
Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. Notable attack vectors include Trickbot and Cobalt Strike (see below for details).
March 9, 2022 - CISA
RagnarLocker Ransomware Indicators of Compromise Full Text
Abstract
Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. Notable attack vectors include Trickbot and Cobalt Strike (see below for details).
March 7, 2022 - FBI
RagnarLocker Ransomware Indicators of Compromise Full Text
Abstract
The FBI first became aware of RagnarLocker in April 2020 and subsequently produced a FLASH to disseminate known indicators of compromise (IOCs) at that time. This FLASH provides updated and additional IOCs to supplement that report. As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors. RagnarLocker ransomware actors work as part of a ransomware family, frequently changing obfuscation techniques to avoid detection and prevention.
March 7, 2022 - FBI
FBI Warns of the Impersonation of Law Enforcement and Government Officials Full Text
Abstract
The FBI is warning the public of ongoing widespread fraud schemes in which scammers impersonate law enforcement or government officials in attempts to extort money or steal personally identifiable information.
March 4, 2022 - CISA
Update: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
March 3, 2022 - CISA
CISA Adds 95 Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA Adds 95 Known Exploited Vulnerabilities to Catalog
February 26, 2022 - CISA
Destructive Malware Targeting Organizations in Ukraine Full Text
Abstract
Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.
February 24, 2022 - CISA
Schneider Electric Easergy P5 and P3 Full Text
Abstract
Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay. This could result in loss of protection to your electrical network.
February 22, 2022 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
February 21, 2022 - CISA
FREE CYBERSECURITY SERVICES AND TOOLS Full Text
Abstract
As part of our continuing mission to reduce cybersecurity risk across U.S. critical infrastructure partners and state, local, tribal, and territorial governments, CISA has compiled a list of free cybersecurity tools and services to help organizations further advance their security capabilities. This living repository includes cybersecurity services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. CISA will implement a process for organizations to submit additional free tools and services for inclusion on this list in the future.
February 18, 2022 - CISA
CISA Insights: Foreign Influence Operations Targeting Critical Infrastructure Full Text
Abstract
CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple sectors.
February 16, 2022 - FBI, NSA, CISA
Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology Full Text
Abstract
From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources.
February 16, 2022 - FBI
Business Email Compromise: Virtual Meeting Platforms Full Text
Abstract
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests.
February 15, 2022 - CISA
CISA Adds Nine Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
February 13, 2022 - CISA
SHIELDS UP - Every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety Full Text
Abstract
Notably, the Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying critical infrastructure—including power and communications—can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives.
February 11, 2022 - FBI
Indicators of Compromise Associated with BlackByte Ransomware Full Text
Abstract
This joint Cybersecurity Advisory was developed by the Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) to provide information on BlackByte ransomware. As of November 2021, BlackByte ransomware had compromised multiple US and foreign businesses, including entities in at least three US critical infrastructure sectors (government facilities, financial, and food & agriculture). BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.
February 11, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
February 9, 2022 - FBI, CISA, NSA
2021 Trends Show Increased Globalized Threat of Ransomware Full Text
Abstract
In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.
February 8, 2022 - FBI
Criminals Increasing SIM Swap Schemes to Steal Millions of Dollars from US Public Full Text
Abstract
The Federal Bureau of Investigation is issuing this announcement to inform mobile carriers and the public of the increasing use of Subscriber Identity Module (SIM) swapping by criminals to steal money from fiat and virtual currency accounts.
February 8, 2022 - CISA
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM) Full Text
Abstract
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM).
February 4, 2022 - FBI
Indicators of Compromise Associated with LockBit 2.0 Ransomware Full Text
Abstract
LockBit 2.0 operates as an affiliate-based Ransomware-as-a-Service (RaaS) and employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. LockBit 2.0 ransomware compromises victim networks through a variety of techniques, including, but not limited to, purchased access, unpatched vulnerabilities, insider access, and zero day exploits.
February 4, 2022 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
February 3, 2022 - CISA
Airspan Networks Mimosa Full Text
Abstract
Successful exploitation of these vulnerabilities could allow an attacker to gain user data (including organization details) and other sensitive data, compromise Mimosa’s AWS (Amazon Web Services) cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices.
February 1, 2022 - FBI
Scammers Exploit Security Weaknesses on Job Recruitment Websites to Impersonate Legitimate Businesses, Threatening Company Reputation and Defrauding Job Seekers Full Text
Abstract
The FBI warns that malicious actors or ‘scammers’ continue to exploit security weaknesses on job recruitment websites to post fraudulent job postings in order to trick applicants into providing personal information or money. These scammers lend credibility to their scheme by using legitimate information to imitate businesses, threatening reputational harm for the business and financial loss for the job seeker.
January 31, 2022 - FBI
Potential for Malicious Cyber Activities to Disrupt the 2022 Beijing Winter Olympics and Paralympics Full Text
Abstract
The FBI is warning entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities to disrupt these events.
January 31, 2022 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
January 27, 2022 - CISA
FBI Releases PIN on Iranian Cyber Group Emennet Pasargad Full Text
Abstract
The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) that provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures to enable readers to identify and defend against the group’s malicious cyber activities.
January 26, 2022 - FBI
Context and Recommendations to Protect Against Malicious Activity by Iranian Cyber Group Emennet Pasargad Full Text
Abstract
Starting in August 2020, Emennet Pasargad actors conducted a multi-faceted campaign to interfere in the 2020 US presidential election. As part of this campaign, the actors obtained confidential U.S. voter information from at least one state election website
January 21, 2022 - CISA
Update: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability which allows for remote code execution.
January 20, 2022 - WATER ISAC
Ransomware Roundup – BlackCat, White Rabbit, Avaddon, and Diavol Full Text
Abstract
Ransomware threat actors continue to terrorize organizations across the world, and when one group is shut down, another seemingly appears. It’s no surprise that last year saw a lot of ransomware activity.
January 19, 2022 - FBI
Indicators of Compromise Associated with Diavol Ransomware Full Text
Abstract
The FBI first learned of Diavol ransomware in October 2021. Diavol is associated with developers from the Trickbot Group, who are responsible for the Trickbot Banking Trojan. Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker.
January 18, 2022 - FBI
Cybercriminals Tampering with QR Codes to Steal Victim Funds Full Text
Abstract
The FBI is issuing this announcement to raise awareness of malicious Quick Response (QR) codes. Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information.
January 18, 2022 - CISA
CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats Full Text
Abstract
In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.
January 11, 2022 - CISA, FBI, NSA
CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure Full Text
Abstract
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.
January 11, 2022 - CISA, FBI, NSA
Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure Full Text
Abstract
This joint Cybersecurity Advisory (CSA)—authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA)—is part of our continuing cybersecurity mission to warn organizations of cyber threats and help the cybersecurity community reduce the risk presented by these threats.
January 10, 2022 - CISA
CISA Adds 15 Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
January 7, 2022 - NCSC, DOS
Protect Yourself: Commercial Surveillance Tools Full Text
Abstract
Companies and individuals have been selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections.
January 5, 2022 - New York Attorney General
Attorney General James Alerts 17 Companies to “Credential Stuffing” Cyberattacks Impacting More Than 1.1 Million Consumers Full Text
Abstract
NEW YORK – New York Attorney General Letitia James today announced the results of a sweeping investigation into “credential stuffing” that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies.
January 5, 2022 - NHS
Log4Shell Vulnerabilities in VMware Horizon Targeted to Install Web Shells Full Text
Abstract
Attackers are actively targeting Log4Shell vulnerabilities in VMware Horizon servers in an effort to establish web shells.
January 4, 2022 - FTC
FTC warns companies to remediate Log4j security vulnerability Full Text