Alerts 2023
December 18, 2023 - CISA
#StopRansomware: Play Ransomware
Abstract
This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
December 15, 2023 - National Intelligence, NSA …
Securing the Software Supply Chain: Recommended Practices for Managing Open-Source Software and Software Bill of Materials
Abstract
Cyberattacks target an enterprise’s use of cyberspace to disrupt, disable, destroy, or maliciously control a computing environment or infrastructure, destroy the integrity of the data, or steal controlled information.
December 15, 2023 - Microsoft
Storm-0539
Abstract
Microsoft has observed a significant surge in activity associated with the threat actor Storm-0539, known to target retail organizations for gift card fraud and theft using highly sophisticated email and SMS phishing during the holiday shopping season.
December 12, 2023 - Microsoft
Threat actors misuse OAuth applications to automate financially driven attacks
Abstract
Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. OAuth is an open standard for token-based delegated authorization that lets an application access data and resources within the permissions a user has granted it. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity. The misuse of OAuth also enables threat actors to maintain access to applications even if they lose access to the initially compromised account.
December 11, 2023 - National Intelligence Council
Foreign Threats to the 2022 US Elections
Abstract
Both Russia and China attempted to influence the 2022 U.S. midterms but did not successfully hack into the country’s election infrastructure or otherwise disrupt voting, the U.S. intelligence community said on Monday.
December 11, 2023 - FCC
FCC Reminds Carriers to Prevent SIM Fraud Schemes
Abstract
FCC Enforcement Advisory - Telecommunications Carriers Must Protect Consumers' Privacy and Sensitive Data by Taking Reasonable Steps to Prevent SIM Fraud Schemes.
December 7, 2023 - ENISA
CISA and ENISA enhance their Cooperation
Abstract
The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness.
December 5, 2023 - CISA
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
Abstract
Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) is an improper access control issue, and its exploitation can result in arbitrary code execution.
December 1, 2023 - Microsoft
Microsoft has detected Danabot (Storm-1044) infections leading to hands-on-keyboard activity by ransomware operator Storm-0216
Abstract
Microsoft has detected Danabot (Storm-1044) infections leading to hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of Cactus ransomware. In this campaign, Danabot is distributed via malvertising.
November 28, 2023 - CISA
Exploitation of Unitronics PLCs used in Water and Wastewater Systems
Abstract
CISA is responding to active exploitation of Unitronics programmable logic controllers (PLCs) used in the Water and Wastewater Systems (WWS) Sector. Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility. In response, the affected municipality’s water authority immediately took the system offline and switched to manual operations—there is no known risk to the municipality’s drinking water or water supply.
November 26, 2023 - CISA
CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development
Abstract
Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (NCSC) are proud to announce the release of the Guidelines for Secure AI System Development. Co-sealed by 23 domestic and international cybersecurity organizations, this publication marks a significant step in addressing the intersection of artificial intelligence (AI), cybersecurity, and critical infrastructure.
November 23, 2023 - NIS, NCSC
ROK-UK Joint Cyber Security Advisory (DPRK actors conduct S/W supply chain attacks)
Abstract
The National Intelligence Service (NIS) of the Republic of Korea (ROK) and the National Cyber Security Centre (NCSC) of the United Kingdom (UK) have identified Democratic People’s Republic of Korea (DPRK) state-linked cyber actors targeting software supply chain products widely used by government organisations, financial institutions and defence industry companies globally.
November 22, 2023 - CISA
Mitigation Guide: Healthcare and Public Health (HPH) Sector
Abstract
This Cybersecurity and Infrastructure Security Agency (CISA) Mitigation Guide offers recommendations and best practices to combat pervasive cyber threats affecting the Healthcare and Public Health (HPH) Sector. Identified vulnerabilities in organizations across the HPH Sector present opportunities to mitigate risks before intrusions occur. Unmitigated vulnerabilities increase the likelihood of threat actors successfully employing malicious tactics, techniques, and procedures (TTPs) against HPH organizations.
November 17, 2023 - CISA
CISA Roadmap for Artificial Intelligence
Abstract
As noted in the landmark Executive Order 14110, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI),” signed by the President on October 30, 2023, “AI must be safe and secure.” As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure.
November 16, 2023 - CISA
FBI and CISA Release Advisory on Scattered Spider Group
Abstract
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023.
November 15, 2023 - FCC
FCC Adopts Rules to Protect Consumers’ Cell Phone Accounts
Abstract
WASHINGTON, November 15, 2023—The Federal Communications Commission today adopted new rules to protect consumers against scams that aim to commandeer their cell phone accounts. The rules will help protect consumers from scammers who target data and personal information by covertly swapping SIM cards to a new device or porting phone numbers to a new carrier without ever gaining physical control of a consumer’s phone. These updated rules will help protect consumers from SIM swapping scams and port-out fraud while maintaining their well-established freedom to pick their preferred device and provider.
November 15, 2023 - CISA, FBI, MS-ISAC
CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware
Abstract
Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics, techniques, and procedures (TTPs) identified through investigations as recently as September 2023.
November 13, 2023 - CISA, FBI
#StopRansomware: Royal Ransomware
Abstract
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Royal ransomware IOCs and TTPs identified through FBI threat response activities as recently as June 2023.
November 9, 2023 - Microsoft Threat Intelligence
Sapphire Sleet
Abstract
The threat actor that Microsoft tracks as Sapphire Sleet, known for cryptocurrency theft via social engineering, has in the past few weeks created new websites masquerading as skills assessment portals, marking a shift in the persistent actor’s tactics.
November 8, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog
Abstract
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
November 6, 2023 - President of the Republic of Korea
Korea, the U.S. and Japan agree to establish a high-level cyber consultative body
Abstract
The National Security Office decided to establish a high-level cyber consultative body between Korea, the United States, and Japan and to proceed with practical work to implement the Camp David Agreement of last August.
October 30, 2023 - Treasury Board of Canada Secretariat, Canada
Minister Anand announces a ban on the use of WeChat and Kaspersky suite of applications on government mobile devices
Abstract
Today, the President of the Treasury Board, Anita Anand, announced a ban on the use of the WeChat and Kaspersky suite of applications on government-issued mobile devices. The Government of Canada is committed to keeping government information and networks secure. We regularly monitor potential threats and take immediate action to address risks.
October 30, 2023 - White House
Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence
Abstract
Section 1. Purpose. Artificial intelligence (AI) holds extraordinary potential for both promise and peril. Responsible AI use has the potential to help solve urgent challenges while making our world more prosperous, productive, innovative, and secure. At the same time, irresponsible use could exacerbate societal harms such as fraud, discrimination, bias, and disinformation; displace and disempower workers; stifle competition; and pose risks to national security. Harnessing AI for good and realizing its myriad benefits requires mitigating its substantial risks. This endeavor demands a society-wide effort that includes government, the private sector, academia, and civil society.
October 27, 2023 - CISA
CISA Announces Launch of Logging Made Easy
Abstract
Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience.
October 25, 2023 - Microsoft
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Abstract
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the globe with the goal of financial extortion. With their extensive range of tactics, techniques, and procedures (TTPs), the threat actor, from our perspective, is one of the most dangerous financial criminal groups.
October 23, 2023 - Commonwealth of Australia
Mr Squire: A large proportion of inverters installed in Australia are coming out of China and Austria, in terms of Fronius. I would have to take the exact percentages on notice.
Abstract
What have been the considerations and the reviews looking at where these inverters have originated, particularly when it comes to the fact that under China's own national intelligence laws, fundamentally, Beijing can tell these companies to sabotage, do surveillance of or, perhaps, disrupt power supplies? What is being done to ensure that we have sovereignty and that our sovereign risk is protected when it comes to our energy markets?
October 20, 2023 - Office for Nuclear Regulation, UK
Chief Nuclear Inspector’s annual report on Great Britain’s nuclear industry
Abstract
ONR is here to protect society by securing safe nuclear operations. Each year, I give an account of the performance of the nuclear industry in Great Britain that we regulate, in this my Chief Nuclear Inspector’s Annual Report. Now in its sixth edition, we have taken the opportunity to reflect on feedback and reconsider the format of the report. For the benefit of readers, the performance section of the report is now structured by dutyholder, with accompanying regulatory attention levels, which are also summarised in full in an Annex to the report, alongside in-depth case studies and our incidents report.
October 18, 2023 - US Department of Justice
Justice Department Announces Court-Authorized Action to Disrupt Illicit Revenue Generation Efforts of Democratic People’s Republic of Korea Information Technology Workers
Abstract
Seizures of Money and Infrastructure from Democratic People’s Republic of Korea (DPRK) IT Workers Follow Successful Efforts to Empower Independent Private Sector Disruptive Actions
October 17, 2023 - CISA
The Next Chapter of Secure by Design
Abstract
Yesterday, CISA Director Jen Easterly announced the second iteration of CISA’s Secure by Design whitepaper, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” at the Singapore Cyber Week conference. Since releasing the first version of the whitepaper in April, we received a great deal of constructive and detailed feedback from a wide spectrum of stakeholders, including software manufacturers of all sizes, customers, non-profits, academics, U.S. and international government agencies, and individuals. Ten U.S. and international partners co-sealed the first version of the whitepaper. This version includes an incredible eight additional countries and international organizations. This scale of feedback and partnership underscores that the industry is keen to have this conversation, and that the time to shift the responsibility for security is now. We have been honored by how generous people have been with their time and expertise.
October 16, 2023 - CISA
Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns
Abstract
This list provides information on weaknesses and misconfigurations that are commonly exploited by threat actors in ransomware campaigns. It differs from the KEV catalog in that the information it contains is not CVE-based.
October 12, 2023 - CISA
Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
Abstract
Ransomware has disrupted critical services, businesses, and communities worldwide and many of these incidents are perpetrated by ransomware actors using known common vulnerabilities and exposures (CVE) (i.e., vulnerabilities). However, many organizations may be unaware that a vulnerability used by ransomware threat actors is present on their network. To help organizations overcome this potential blind spot, the Cybersecurity and Infrastructure Security Agency (CISA) established the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023, as required by the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022.
October 12, 2023 - FBI, CISA
FBI and CISA Release Update on AvosLocker Advisory
Abstract
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023.
October 4, 2023 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs
Abstract
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:
CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability
CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
September 27, 2023 - FBI
Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends
Abstract
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification to highlight emerging ransomware trends and encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood and impact of ransomware incidents.
September 26, 2023 - CISA
CISA Launches National Public Service Announcement Campaign Encouraging Americans to Take Steps to Keep Themselves and Their Families Safe Online
Abstract
WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA) today announced the launch of “Secure Our World,” a nationwide cybersecurity public awareness campaign to educate all Americans on how to stay safe online. The campaign includes a public service announcement (PSA) that will air on stations around the country, as well as digital content, a toolkit, and other resources. Recognizing that technology is an integral part of our modern lives, Congress tasked CISA with creating this program to provide small businesses, communities, and individuals with the guidance and tools they need to protect themselves online.
September 21, 2023 - Health Sector Cybersecurity Coordination Center
North Korean and Chinese Cyber Crime Threats to the HPH
Abstract
Cybercrime Overview and Theory - China - APT41 - North Korea - APT43 - Lazarus Group - Defense and Mitigations - Conclusions - References
September 20, 2023 - Homeland Security
Homeland Threat Assessment 2024
Abstract
The Department of Homeland Security (DHS) Intelligence Enterprise Homeland Threat Assessment reflects the insights from across the Department, the Intelligence Community, and other critical homeland security stakeholders. It focuses on the most direct, pressing threats to our Homeland during the next year and is organized into four sections. We organized this assessment around the Department’s missions that most closely align or apply to these threats—public safety, border and immigration, critical infrastructure, and economic security. As such, many of the threat actors and their efforts cut across mission areas and interact in complex and, at times, reinforcing ways.
September 12, 2023 - Health Sector Cybersecurity Coordination Center
Akira Ransomware
Abstract
Akira is a Ransomware-as-a-Service (RaaS) group that started operations in March 2023. Since its discovery, the group has claimed over 60 victims, typically small- to medium-sized businesses. Akira has garnered attention for its retro 1980s-themed website and for its considerable ransom demands, which range from $200,000 to $4 million. Akira has been observed gaining initial access through several methods, such as leveraging compromised credentials and exploiting weaknesses in virtual private networks (VPNs), typically where multi-factor authentication (MFA) is not in use. Like many ransomware groups, it employs the double-extortion technique against its victims by exfiltrating data prior to encryption. It is also believed that the group may have some affiliation with Conti, given observed overlap in their code and cryptocurrency wallets. The group has targeted multiple sectors, including finance, real estate, manufacturing, and healthcare.
September 12, 2023 - CISA
Apple Releases Security Updates for iOS and macOS
Abstract
Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates.
September 11, 2023 - NCSC, NCA
Ransomware, extortion and the cyber crime ecosystem
Abstract
This white paper assumes an understanding of cyber security principles. It’s particularly aimed at security professionals who need to be aware of changes in cyber criminal activity to better protect their systems and inform security policy.
September 7, 2023 - CISA, FBI, CNMF
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine ServiceDesk Plus), establish persistence, and move laterally through the network. This vulnerability allows for remote code execution on the ManageEngine application. Additional APT actors were also observed exploiting CVE-2022-42475 to establish presence on the organization’s firewall device.
August 30, 2023 - National Cyber Security Centre, UK
Thinking about the security of AI systems
Abstract
If you’re reading this blog, there’s a good chance you’ve heard of large language models (LLMs) like ChatGPT, Google Bard and Meta’s LLaMA. These models use algorithms trained on huge amounts of text data which can generate incredibly human-like responses to user prompts.
August 29, 2023 - Microsoft
Adversary-in-the-middle (AiTM) phishing techniques continue to proliferate through the phishing-as-a-service
Abstract
Adversary-in-the-middle (AiTM) phishing techniques continue to proliferate through the phishing-as-a-service (PhaaS) cybercrime model, as seen in the increasing number of AiTM-capable PhaaS platforms throughout 2023.
August 25, 2023 - CISA
VDP Platform 2022 Annual Report Showcases Platform’s Success
August 23, 2023 - FBI
Suspected PRC Cyber Actors Continue to Globally Exploit Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868)
August 22, 2023 - FBI
FBI Identifies Cryptocurrency Funds Stolen by DPRK
August 21, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog
August 21, 2023 - CISA, NSA, NIST
CISA, NSA, and NIST Publish Factsheet on Quantum Readiness
August 17, 2023 - ARPA-H
Biden-Harris Administration’s ARPA-H initiative launches digital health security effort to address cybersecurity threats to U.S. healthcare
August 16, 2023 - CISA
JCDC Remote Monitoring and Management Cyber Defense Plan
August 16, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog
August 9, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog
August 8, 2023 - NIST
The NIST Cybersecurity Framework 2.0
August 7, 2023 - The White House
Biden-Harris Administration Launches New Efforts to Strengthen America’s K-12 Schools’ Cybersecurity
Abstract
The Biden-Harris Administration is announcing new actions and private commitments to bolster the nation’s cyber defense at schools and protect hard-working American families. Administration leaders, school administrators, educators, and education technology providers will convene at the White House to discuss how to strengthen the nation’s schools’ cybersecurity amidst growing ransomware attacks.
August 7, 2023 - Office of Educational Technology
Building Technology Infrastructure for Learning
Abstract
Education infrastructure is undeniably critical infrastructure, and in the digital age, the need to prioritize cybersecurity has become more apparent than ever. Just as we work to provide physical infrastructure for our schools that is safe, healthy, and supportive for all students, the time has come to align resources towards creating a digital infrastructure that is equally safe, accessible, resilient, sustainable, and future-proof. The Department, in partnership with CISA, has released the K-12 Digital Infrastructure Brief: Defensible and Resilient to highlight cybersecurity recommendations and promising practices from states and districts across the country.
August 4, 2023 - HHS
Rhysida Ransomware
Abstract
Rhysida is a new ransomware-as-a-service (RaaS) group that emerged in May 2023. The group drops an eponymous ransomware via phishing attacks and Cobalt Strike to breach targets’ networks and deploy its payloads. The group threatens to publicly distribute the exfiltrated data if the ransom is not paid. Rhysida is still in the early stages of development, as indicated by the lack of advanced features and the program name Rhysida-0.1. The ransomware also leaves PDF notes in the affected folders, instructing the victims to contact the group via their portal and pay in Bitcoin. Its victims are distributed throughout several countries across Western Europe, North and South America, and Australia. They primarily attack the education, government, manufacturing, technology, and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.
August 4, 2023 - FBI
Criminals Pose as Non-Fungible Token (NFT) Developers to Target Internet Users with an Interest in NFT Acquisition
Abstract
The FBI warns of criminal actors posing as legitimate NFT developers in financial fraud schemes targeting active users within the NFT community. Criminals either gain direct access to NFT developer social media accounts or create almost identical accounts to promote new NFT releases. Fraudulent posts often aim to create a sense of urgency, using phrases like "limited supply," and refer to the promotion as a "surprise" or previously unannounced mint. Links provided in these announcements are phishing links directing victims to a spoofed website that appears to be a legitimate extension of a particular NFT project. The spoofed websites invite victims to connect their cryptocurrency wallets and purchase the NFT. The victims unknowingly connect their cryptocurrency wallets to a drainer smart contract, resulting in the transfer of cryptocurrency and NFTs to wallets operated by criminals. Contents stolen from victims' wallets are often processed through a series of cryptocurrency mixers and exchanges to obfuscate the path and final destination of the stolen NFTs.
August 4, 2023 - CISA
CISA Cybersecurity Strategic Plan FY2024-2026
Abstract
Our nation is at a moment of opportunity. The 2023 U.S. National Cybersecurity Strategy outlines a new vision for cybersecurity, a vision grounded in collaboration, in innovation, and in accountability. Now is the moment where our country has a choice: to invest in a future where collaboration is a default rather than an exception; where innovation in defense and resilience dramatically outpaces that of those seeking to do us harm; and where the burden of cybersecurity is allocated toward those who are most able to bear it. We must be clear-eyed about the future we seek, one in which damaging cyber intrusions are a shocking anomaly, in which organizations are secure and resilient, in which technology products are safe and secure by design and default. This is a shared journey and a shared challenge, and CISA, as America’s cyber defense agency, is privileged to serve a foundational role in the global cybersecurity community as we achieve measurable progress to our shared end state.
August 3, 2023 - CISA, NSA, FBI
CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners are releasing a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities. This advisory provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2022, and the associated Common Weakness Enumeration (CWE) entries, to help organizations better understand the impact exploitation could have on their systems. International partners include: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), New Zealand Computer Emergency Response Team (CERT-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).
August 3, 2023 - OWASP
OWASP Top 10 for Large Language Model Applications
Abstract
The OWASP Top 10 for Large Language Model Applications project aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs). The project provides a list of the top 10 most critical vulnerabilities often seen in LLM applications, highlighting their potential impact, ease of exploitation, and prevalence in real-world applications. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution, among others. The goal is to raise awareness of these vulnerabilities, suggest remediation strategies, and ultimately improve the security posture of LLM applications.
August 3, 2023 - Microsoft
Cyberthreats increasingly target the world’s biggest event stages Full Text
Abstract
Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities, and attendees. The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70 percent of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom.
August 2, 2023 - CISA, FCC
The Most Important Part of the Internet You’ve Probably Never Heard Of Full Text
Abstract
Few people realize how much they depend on the Border Gateway Protocol (BGP) every day—a set of technical rules responsible for routing data efficiently. But as we’ve come to rely on the Internet for nearly every facet of our lives, disruptions to BGP can have serious implications for the critical services Americans rely on every day.
August 1, 2023 - CISA, NCSC-NO
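The BGP disruptions the CISA/FCC piece above alludes to are, in practice, mostly prefix hijacks and leaks: an autonomous system announcing address space it is not authorized to originate, or a more-specific prefix than the holder intended. RPKI route origin validation is the deployed control against that. The routine below is an added example, not part of the CISA/FCC text, implementing the RFC 6811 validation states (valid, invalid, notfound) against a constructed set of Route Origin Authorizations over documentation address space; the ROAs, ASNs and announcements are all constructed.

```python
"""RPKI route origin validation (RFC 6811 states) for BGP announcements.
Added example; the ROAs, ASNs and announcements are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str       # address block the holder authorizes
    max_length: int   # longest prefix length the origin may announce inside it
    origin_asn: int   # AS authorized to originate


# Constructed ROAs over documentation ranges (RFC 5737 / RFC 3849) and private ASNs.
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/22", 24, 64497),
    ROA("2001:db8::/32", 48, 64496),
]


def validate_origin(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'notfound' for an announced (prefix, origin AS).

    notfound: no ROA covers the prefix (RPKI says nothing; local policy decides)
    valid:    a covering ROA names this origin and the prefix is not more specific
              than that ROA's maxLength
    invalid:  ROAs cover the prefix but none authorizes this announcement
              (wrong origin, or a too-specific prefix: the classic hijack shapes)
    """
    net = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "notfound"
    for roa in covering:
        if roa.origin_asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def filter_announcements(announcements, drop_invalid=True, roas=ROAS):
    """Apply a simple import policy: drop 'invalid', accept the rest.
    Returns (accepted, dropped), each a list of (prefix, asn, state)."""
    accepted, dropped = [], []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        target = dropped if drop_invalid and state == "invalid" else accepted
        target.append((prefix, asn, state))
    return accepted, dropped


if __name__ == "__main__":
    # Constructed announcements: legitimate, origin hijack, more-specific hijack, unknown.
    sample = [
        ("192.0.2.0/24", 64496),
        ("192.0.2.0/24", 64500),
        ("198.51.100.0/25", 64497),
        ("203.0.113.0/24", 64496),
    ]
    accepted, dropped = filter_announcements(sample)
    print("accepted:", accepted)
    print("dropped:", dropped)
```

Note the asymmetry the states encode: a missing ROA is not an error, so operators who have not published ROAs get no protection, while a published ROA with a tight maxLength turns a more-specific hijack into an explicit invalid.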
Threat Actors Exploiting Ivanti EPMM Vulnerabilities Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July 2023 to gather information from several Norwegian organizations, as well as to gain access to and compromise a Norwegian government agency’s network.
July 31, 2023 - Whitehouse
NATIONAL CYBER WORKFORCE AND EDUCATION STRATEGY Full Text
Abstract
Technology and humanity are intertwined. Technology itself does not have a value system; rather it carries the values of its owners and operators. Cyberspace is composed not only of technology and protocols, but also people. People are an integral part of cyberspace, both in creating and using it. In less than a generation, technology has transformed our daily lives – among other things, we pay bills, connect with families and friends, build businesses, and build communities. We rely on cyberspace for our national security, economic development, and innovation. More than any other domain – air, space, sea, or land – people conceived of and created cyberspace and will continue to improve it. The Biden-Harris Administration’s 2023 National Cybersecurity Strategy establishes an affirmative, values-driven vision for a secure and resilient cyberspace that enables us to achieve our collective aspirations. To achieve a vision aligned with our values, we must ensure that people are appropriately equipped. This National Cyber Workforce and Education Strategy provides a critical element of the President’s approach to securing cyberspace.
July 28, 2023 - CISA
CISA Releases Malware Analysis Reports on Barracuda Backdoors Full Text
Abstract
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.
July 27, 2023 - ACSC, NSA, CISA
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse Full Text
Abstract
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are frequently exploited by malicious actors in data breach incidents and have resulted in the compromise of personal, financial, and health information of millions of users and consumers.
July 26, 2023 - CISA
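The IDOR advisory's point is that this is an access-control bug, not an input-validation one: the handler trusts a client-supplied identifier to select a record without checking that the caller may see it. As an added example (not code from the advisory), the functions below show the vulnerable lookup, the fix that makes ownership part of the lookup itself, and the defence-in-depth variant that hands out per-user indirect references instead of raw keys. The invoice table, user names and identifiers are constructed.

```python
"""Insecure direct object reference beside two fixes.
Added example; the in-memory invoice table and users are constructed."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


# Constructed stand-in for a database table keyed by a sequential id.
INVOICES = {
    1001: Invoice(1001, "alice", 120.00),
    1002: Invoice(1002, "bob", 75.50),
}


class NotFound(Exception):
    """Used for both 'no such record' and 'not your record' so ids cannot be enumerated."""


def get_invoice_vulnerable(session_user: str, invoice_id: int) -> Invoice:
    """IDOR: the record is selected by the client-supplied id alone. session_user is
    authenticated but never consulted, so any user reads any invoice by changing the id."""
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_fixed(session_user: str, invoice_id: int) -> Invoice:
    """Fix: ownership is part of the lookup (in SQL terms WHERE id = ? AND owner = ?),
    not a separate check that a later code path can forget."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != session_user:
        raise NotFound(invoice_id)
    return inv


class ReferenceMap:
    """Defence in depth: the client sees unguessable, per-user tokens instead of raw
    database keys. The ownership check in get_invoice_fixed still runs on resolve()."""

    def __init__(self):
        self._tokens = {}  # token -> (user, invoice_id)

    def issue(self, session_user: str, invoice_id: int) -> str:
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (session_user, invoice_id)
        return token

    def resolve(self, session_user: str, token: str) -> Invoice:
        entry = self._tokens.get(token)
        if entry is None or entry[0] != session_user:
            raise NotFound(token)
        return get_invoice_fixed(session_user, entry[1])


def denied(fn, *args) -> bool:
    """True if the call is refused with NotFound (helper for demos and tests)."""
    try:
        fn(*args)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    # alice tampers with the id: the vulnerable handler leaks bob's invoice.
    print(get_invoice_vulnerable("alice", 1002))
    print(denied(get_invoice_fixed, "alice", 1002))
    refs = ReferenceMap()
    token = refs.issue("bob", 1002)
    print(refs.resolve("bob", token), denied(refs.resolve, "alice", token))
```

The indirect reference alone is not the fix; a token that is guessable, shared between users, or resolved without the ownership check reintroduces the same bug with extra steps.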
Risk and Vulnerability Assessments Full Text
Abstract
CISA analyzes and maps, to the MITRE ATT&CK® framework, the findings from the Risk and Vulnerability Assessments (RVA) we conduct each fiscal year (FY). These analyses include:
July 24, 2023 - CISA
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078 Full Text
Abstract
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes, including creating an EPMM administrative account that can make further changes to a vulnerable system.
July 18, 2023 - BUREAU OF INDUSTRY AND SECURITY
Commerce Adds Four Entities to Entity List for Trafficking in Cyber Exploits Full Text
Abstract
WASHINGTON, D.C. – Today, the Commerce Department’s Bureau of Industry and Security (BIS) added four entities, Intellexa S.A. in Greece, Cytrox Holdings Crt in Hungary, Intellexa Limited in Ireland, and Cytrox AD in North Macedonia to the Entity List for trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide.
July 18, 2023 - White House
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers Full Text
Abstract
Leading electronics and appliance manufacturers and retailers make voluntary commitments to increase cybersecurity on smart devices, help consumers choose products that are less vulnerable to cyberattacks.
July 17, 2023 - NSA, CISA
CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519 Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day to drop a webshell on a critical infrastructure organization’s NetScaler ADC appliance. The webshell enabled the actors to perform discovery on the victim’s Active Directory (AD) and collect and exfiltrate AD data. The actors attempted to move laterally to a domain controller but network-segmentation controls for the appliance blocked movement.
July 17, 2023 - NSA, CISA
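The post-exploitation artifact the Citrix CVE-2023-3519 advisory above describes, a webshell dropped into the appliance's web content, is also what a defender can hunt for without a vendor signature: script files under the web root that were modified after the last legitimate install and that contain execution primitives. The scanner below is an added example, not part of the CSA and not a NetScaler-specific tool. It builds a constructed directory tree with one benign page and one planted shell, then reports files newer than a baseline timestamp that match a small indicator set; the paths, baseline, indicator list and file contents are all constructed.

```python
"""Hunt for recently modified script files containing webshell primitives.
Added example; the directory tree, baseline time and file contents are constructed."""
import os
import re
import tempfile
import time
from pathlib import Path

# Execution/eval primitives common in PHP/JSP/ASPX webshells. Constructed indicator set,
# not an authoritative signature list; extend per environment.
INDICATORS = re.compile(
    rb"(eval\s*\(|assert\s*\(|base64_decode\s*\(|shell_exec\s*\(|passthru\s*\(|"
    rb"system\s*\(|Runtime\.getRuntime\(\)\.exec|Process\.Start\(|\$_(?:GET|POST|REQUEST)\[)"
)
SCRIPT_SUFFIXES = (".php", ".jsp", ".jspx", ".aspx", ".ashx", ".pl", ".py")


def hunt_webshells(root, newer_than_epoch: float, suffixes=SCRIPT_SUFFIXES) -> list:
    """Return findings for script files under root modified after newer_than_epoch whose
    contents match INDICATORS. Each finding: {"path", "mtime", "indicators"}."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        st = path.stat()
        if st.st_mtime < newer_than_epoch:
            continue  # untouched since the baseline; skip unless doing a full sweep
        matches = INDICATORS.finditer(path.read_bytes())
        hits = sorted({m.group(0).decode("utf-8", "replace") for m in matches})
        if hits:
            findings.append({"path": str(path), "mtime": st.st_mtime, "indicators": hits})
    return sorted(findings, key=lambda f: f["mtime"], reverse=True)


def build_sample_tree():
    """Construct a web root with one legitimate page older than the baseline and one
    planted shell written after it. Returns (root, baseline_epoch)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    baseline = time.time() - 30 * 86400  # constructed 'last install' 30 days ago
    good = Path(root, "vpn", "index.php")
    good.parent.mkdir(parents=True)
    good.write_text("<?php echo 'login'; ?>\n")
    os.utime(good, (baseline - 3600, baseline - 3600))  # predates the baseline
    bad = Path(root, "vpn", "themes", "x.php")
    bad.parent.mkdir(parents=True)
    bad.write_text('<?php @eval(base64_decode($_POST["c"])); ?>\n')  # mtime = now
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_sample_tree()
    for finding in hunt_webshells(root, baseline):
        print(finding["path"], finding["indicators"])
```

An mtime filter is a triage aid, not proof: an attacker who timestomps the file or writes it before your baseline is missed, so a full sweep (baseline 0) and comparison against vendor file hashes is the follow-up when the quick pass is clean.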
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing Full Text
Abstract
Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF guidance Potential Threats to 5G Network Slicing.
July 12, 2023 - CISA
CISA Releases One Industrial Control Systems Advisory Full Text
Abstract
CISA released one Critical Industrial Control Systems (ICS) advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-193-01 Rockwell Automation Select Communication Modules
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
July 11, 2023 - CISA
CISA Adds Five Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2023-36874 Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
CVE-2022-31199 Netwrix Auditor Insecure Object Deserialization Vulnerability
July 6, 2023 - CISA
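Catalog updates like the July 11 one above (and the June 29, June 23, May 22, May 20, May 1 and March 15 entries below) only become actionable once they are matched against what an organization actually runs and tracked against the remediation due date the catalog assigns. The script below is an added example, not a CISA tool, that serves all of those entries: it parses a constructed feed fragment written in the shape of the catalog's JSON export (field names such as cveID, vendorProject, product and dueDate are assumed from that schema), validates the CVE identifiers, matches vendor and product against a constructed asset inventory and reports days past due. The inventory, hostnames and due dates are constructed; the CVE ids are three of the five listed above.

```python
"""Match a Known Exploited Vulnerabilities feed against an asset inventory.
Added example; the feed fragment, inventory and due dates are constructed."""
import json
import re
from datetime import date

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed feed fragment in the shape of the catalog's JSON export (field names assumed).
KEV_FEED_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2023-32046", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability",
         "dateAdded": "2023-07-11", "dueDate": "2023-08-01"},
        {"cveID": "CVE-2023-35311", "vendorProject": "Microsoft", "product": "Outlook",
         "vulnerabilityName": "Microsoft Outlook Security Feature Bypass Vulnerability",
         "dateAdded": "2023-07-11", "dueDate": "2023-08-01"},
        {"cveID": "CVE-2022-31199", "vendorProject": "Netwrix", "product": "Auditor",
         "vulnerabilityName": "Netwrix Auditor Insecure Object Deserialization Vulnerability",
         "dateAdded": "2023-07-11", "dueDate": "2023-08-01"},
    ],
})

# Constructed inventory of (vendor, product) per host.
INVENTORY = [
    {"vendor": "Microsoft", "product": "Windows", "host": "ws-017"},
    {"vendor": "Microsoft", "product": "Windows", "host": "ws-018"},
    {"vendor": "Netwrix", "product": "Auditor", "host": "audit-01"},
    {"vendor": "Progress", "product": "MOVEit Transfer", "host": "mft-01"},
]


def load_kev(feed_json: str) -> list:
    """Parse the feed and refuse malformed CVE ids rather than matching on garbage."""
    entries = json.loads(feed_json)["vulnerabilities"]
    for entry in entries:
        if not CVE_RE.match(entry["cveID"]):
            raise ValueError(f"malformed CVE id in feed: {entry['cveID']!r}")
    return entries


def _norm(text: str) -> str:
    """Case- and punctuation-insensitive key so 'Microsoft' and 'microsoft ' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def match_inventory(entries: list, inventory: list, today: date) -> list:
    """One finding per (CVE, host) whose vendor and product appear in the inventory,
    most overdue first. days_overdue is 0 while the due date is still ahead."""
    findings = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _norm(asset["vendor"]) == _norm(entry["vendorProject"]) and \
               _norm(asset["product"]) == _norm(entry["product"]):
                findings.append({
                    "cve": entry["cveID"],
                    "host": asset["host"],
                    "due": entry["dueDate"],
                    "days_overdue": max(0, (today - due).days),
                })
    return sorted(findings, key=lambda f: (-f["days_overdue"], f["cve"], f["host"]))


def run_report(today_iso: str = "2023-08-11") -> list:
    """Entry point: the feed and inventory above, evaluated as of today_iso."""
    return match_inventory(load_kev(KEV_FEED_JSON), INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in run_report():
        print(f"{f['cve']}  {f['host']:<10} due {f['due']}  overdue {f['days_overdue']}d")
```

Vendor/product matching is the weak link in any such script: the catalog does not carry version ranges, so a match means "investigate this host", not "this host is vulnerable", and a product that the inventory names differently from the feed is silently missed. Normalizing both sides helps with spelling; a curated alias table is usually needed on top.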
PiiGAB M-Bus Full Text
Abstract
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: PiiGAB, Processinformation i Göteborg Aktiebolag
Equipment: M-Bus SoftwarePack 900S
Vulnerabilities: Code Injection, Improper Restriction of Excessive Authentication Attempts, Unprotected Transport of Credentials, Use of Hard-coded Credentials, Plaintext Storage of a Password, Cross-site Scripting, Weak Password Requirements, Use of Password Hash with Insufficient Computational Effort, Cross-Site Request Forgery
July 6, 2023 - CISA, FBI, MS-ISAC, CCCS
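Several of the weaknesses in the PiiGAB M-Bus entry above (plaintext and hard-coded credentials, a password hash with insufficient computational effort, weak password requirements, no limit on authentication attempts) are the same credential-handling mistakes that turn up far beyond one ICS product. The code below is an added example, not PiiGAB's software: it puts the weak scheme (unsalted fast hash, plain string comparison) next to a corrected one (per-user random salt, PBKDF2-HMAC-SHA256 with a high iteration count, constant-time comparison, a self-describing record format) and adds the minimal length policy and attempt throttle the CWE list implies. The passwords, iteration count, wordlist and lockout threshold are constructed.

```python
"""Weak credential storage beside a corrected scheme.
Added example; not vendor code. Sample passwords and wordlist are constructed."""
import hashlib
import hmac
import secrets
from typing import Optional


# --- WEAK: unsalted single-round MD5 and a non-constant-time compare ------------------
def hash_weak(password: str) -> str:
    """Equal passwords give equal hashes, and a GPU tries billions of these per second."""
    return hashlib.md5(password.encode()).hexdigest()


def verify_weak(password: str, stored: str) -> bool:
    return hash_weak(password) == stored


def crack_weak(stored: str, wordlist) -> Optional[str]:
    """Offline attack on a leaked weak hash: no salt, so one pass over the list suffices."""
    for candidate in wordlist:
        if hash_weak(candidate) == stored:
            return candidate
    return None


# --- CORRECTED: salted slow KDF, constant-time compare, self-describing record --------
PBKDF2_ITERATIONS = 600_000  # constructed value; raise as hardware allows
PBKDF2_ALGO = "pbkdf2_sha256"


def hash_strong(password: str) -> str:
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    # algo$iterations$salt$hash: parameters can be raised later without breaking old records
    return f"{PBKDF2_ALGO}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_strong(password: str, stored: str) -> bool:
    try:
        algo, iters, salt_hex, dk_hex = stored.split("$")
        if algo != PBKDF2_ALGO:
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record, bad hex or non-integer iteration count
        return False


def meets_policy(password: str, min_length: int = 12) -> bool:
    """Weak Password Requirements: at least enforce a length floor. A breached-password
    list check would sit beside this and is omitted here."""
    return len(password) >= min_length


class LoginThrottle:
    """Improper Restriction of Excessive Authentication Attempts: lock an account after
    max_failures consecutive failures so the online guessing rate is bounded."""

    def __init__(self, max_failures: int = 5):
        self.max_failures = max_failures
        self._failures = {}

    def allowed(self, user: str) -> bool:
        return self._failures.get(user, 0) < self.max_failures

    def record(self, user: str, success: bool) -> None:
        self._failures[user] = 0 if success else self._failures.get(user, 0) + 1


if __name__ == "__main__":
    leaked = hash_weak("admin123")  # constructed weak record
    print("cracked:", crack_weak(leaked, ["password", "letmein", "admin123"]))
    record = hash_strong("correct horse battery staple")
    print(verify_strong("correct horse battery staple", record), verify_strong("admin123", record))
```

The throttle above counts per account; a real deployment also needs a per-source limit, since an attacker spraying one guess across many accounts never trips a per-account counter.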
Increased Truebot Activity Infects U.S. and Canada Based Networks Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States and Canada. As recently as May 31, 2023, the authoring organizations have observed an increase in cyber threat actors using new malware variants of Truebot (also known as Silence.Downloader). Truebot is a botnet that has been used by malicious cyber groups like CL0P Ransomware Gang to collect and exfiltrate information from its target victims.
July 3, 2023 - Swedish Authority for Privacy Protection
Four companies must stop using Google Analytics Full Text
Abstract
The Swedish Authority for Privacy Protection (IMY) has audited how four companies use Google Analytics for web statistics. IMY issues administrative fines against two of the companies. One of the companies has recently stopped using the statistics tool on its own initiative, while IMY orders the other three to also stop using it.
June 29, 2023 - CISA
CISA Adds Eight Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2019-17621 D-Link DIR-859 Router Command Execution Vulnerability
CVE-2019-20500 D-Link DWL-2600AP Access Point Command Injection Vulnerability
CVE-2021-25487 Samsung Mobile Devices Out-of-Bounds Read Vulnerability
CVE-2021-25489 Samsung Mobile Devices Improper Input Validation Vulnerability
CVE-2021-25394 Samsung Mobile Devices Race Condition Vulnerability
CVE-2021-25395 Samsung Mobile Devices Race Condition Vulnerability
CVE-2021-25371 Samsung Mobile Devices Unspecified Vulnerability
CVE-2021-25372 Samsung Mobile Devices Improper Boundary Check Vulnerability
June 29, 2023 - CISA
2023 CWE Top 25 Most Dangerous Software Weaknesses Full Text
Abstract
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Database (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.
June 23, 2023 - CISA
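The CWE Top 25 rank described above is a computed score, not a raw count, and reading it well requires knowing the formula: for each CWE the methodology takes the number of CVEs whose root cause maps to it and their average CVSS base score, normalizes each against the minimum and maximum across all CWEs in the data set, and multiplies (score = Fr × Sv × 100). The routine below is an added example, not MITRE's pipeline, that applies that published formula to a constructed set of CVE-to-CWE mappings; the CVE ids, mappings and scores are invented, and the point is to see how the two factors interact.

```python
"""CWE Top 25 scoring (normalized frequency x normalized severity x 100) over
constructed NVD-style records. Added example; the records are invented."""
from collections import defaultdict

# Constructed records: (CVE id, CWE root cause, CVSS base score). Not real CVEs.
RECORDS = [
    ("CVE-2023-0001", "CWE-787", 9.8), ("CVE-2023-0002", "CWE-787", 7.5),
    ("CVE-2023-0003", "CWE-787", 8.8), ("CVE-2023-0004", "CWE-79", 6.1),
    ("CVE-2023-0005", "CWE-79", 5.4), ("CVE-2023-0006", "CWE-79", 6.1),
    ("CVE-2023-0007", "CWE-79", 4.8), ("CVE-2023-0008", "CWE-89", 9.8),
    ("CVE-2023-0009", "CWE-89", 9.1), ("CVE-2023-0010", "CWE-416", 8.8),
]


def _normalize(value: float, low: float, high: float) -> float:
    """Min-max normalization to [0, 1]; a degenerate range scores 0."""
    return 0.0 if high == low else (value - low) / (high - low)


def score_cwes(records) -> list:
    """Return [(cwe, score, count, avg_cvss), ...] sorted by score, highest first."""
    counts = defaultdict(int)
    cvss_sum = defaultdict(float)
    for _cve, cwe, cvss in records:
        counts[cwe] += 1
        cvss_sum[cwe] += cvss
    avg = {cwe: cvss_sum[cwe] / counts[cwe] for cwe in counts}
    c_min, c_max = min(counts.values()), max(counts.values())
    s_min, s_max = min(avg.values()), max(avg.values())
    rows = []
    for cwe in counts:
        fr = _normalize(counts[cwe], c_min, c_max)  # how often it is the root cause
        sv = _normalize(avg[cwe], s_min, s_max)     # how severe those CVEs are on average
        rows.append((cwe, round(fr * sv * 100, 2), counts[cwe], round(avg[cwe], 2)))
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for cwe, score, count, avg_cvss in score_cwes(RECORDS):
        print(f"{cwe:<8} score={score:6.2f}  cves={count}  avg_cvss={avg_cvss}")
```

In this constructed set CWE-79 has the most CVEs yet scores zero, because its average severity is the data set's minimum, and CWE-416 scores zero for the mirror reason (a single CVE). The multiplicative formula rewards weaknesses that are both common and severe and pushes everything else toward the bottom, which is the property to keep in mind when a rank on the list is quoted as a priority.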
CISA Adds Five Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability
CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability
CVE-2023-32439 Apple iOS, iPadOS, and macOS WebKit Type Confusion Vulnerability
CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
CVE-2023-27992 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
June 22, 2023 - Microsoft
Microsoft has detected increased credential attack activity by the threat actor Midnight Blizzard Full Text
Abstract
Microsoft has detected increased credential attack activity by the threat actor Midnight Blizzard using residential proxy services to obfuscate the source of their attacks. These attacks target governments, IT service providers, NGOs, defense industry, and critical manufacturing.
June 22, 2023 - CISA
NSA Releases Guide to Mitigate BlackLotus Threat Full Text
Abstract
FORT MEADE, Md. — Malicious cyber actors could take advantage of a known vulnerability in the Microsoft Windows secure startup process to bypass Secure Boot protection and execute BlackLotus malware.
June 16, 2023 - HHS
TimisoaraHackerTeam Analysis Full Text
Abstract
A ransomware variant and threat group called TimisoaraHackerTeam has resurfaced in a recent ransomware attack on a medical facility. Little is known about the obscure group of hackers, but when its ransomware is deployed, their rarely used and very effective technique of encrypting data in a target environment has paralyzed the health and public health (HPH) sector. An examination of the ransomware strain and the group's tactics provides insight into how and why they target the healthcare sector, possible ties to other threat groups, and recommendations for how HPH organizations can better protect themselves.
June 15, 2023 - Department of the Army Criminal Investigation Division
CID Lookout: Unsolicited Smartwatches Received by Mail Full Text
Abstract
Service members across the military have reported receiving smartwatches unsolicited in the mail. These smartwatches, when used, have auto-connected to Wi-Fi and begun connecting to cell phones unprompted, gaining access to a myriad of user data.
June 14, 2023 - CISA, FBI, MS-ISAC
Understanding Ransomware Threat Actors: LockBit Full Text
Abstract
In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat.
June 7, 2023 - CISA, FBI
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability Full Text
Abstract
CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.
June 6, 2023 - CISA, NSA, FBI, MS-ISAC, Cyber Israel
GUIDE TO SECURING REMOTE ACCESS SOFTWARE Full Text
Abstract
Remote access software and tools comprise a broad array of capabilities used to maintain and improve IT, operational technology (OT), and industrial control systems (ICS) services; they allow a proactive and flexible approach for organizations to remotely oversee networks, computers, and other devices. Remote access software, including remote administration solutions and remote monitoring and management (RMM), enables managed service providers (MSPs), software-as-a-service (SaaS) providers, IT help desks, and other network administrators to remotely perform several functions, including gathering data on network and device health, automating maintenance, PC setup and configuration, remote recovery and backup, and patch management.
June 1, 2023 - FBI, NSA, NIS, NPA, MOFA
North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media Full Text
Abstract
The Federal Bureau of Investigation (FBI), the U.S. Department of State, and the National Security Agency (NSA), together with the Republic of Korea’s National Intelligence Service (NIS), National Police Agency (NPA), and Ministry of Foreign Affairs (MOFA), are jointly issuing this advisory to highlight the use of social engineering by Democratic People’s Republic of Korea (DPRK a.k.a. North Korea) state-sponsored cyber actors to enable computer network exploitation (CNE) globally against individuals employed by research centers and think tanks, academic institutions, and news media organizations. These North Korean cyber actors are known to conduct spearphishing campaigns posing as real journalists, academics, or other individuals with credible links to North Korean policy circles. The DPRK employs social engineering to collect intelligence on geopolitical events, foreign policy strategies, and diplomatic efforts affecting its interests by gaining illicit access to the private documents, research, and communications of their targets.
June 1, 2023 - NSA
U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence Full Text
Abstract
FORT MEADE, Md. - The National Security Agency (NSA) is partnering with several organizations to highlight the Democratic People’s Republic of Korea’s (DPRK) use of social engineering and malware to target think tanks, academia, and news media sectors.
May 30 - June 2, 2023 - NATO
15th International Conference on Cyber Conflict: Meeting Reality Full Text
Abstract
Throughout the years, the annual International Conference on Cyber Conflict, CyCon, organized by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), has established itself as a major multidisciplinary conference on the technical, legal, policy, strategy and military perspectives of cyber defence and security. In just over a decade, CyCon has also become a community-building event for cyber security professionals, drawing over 600 participants each spring to the Estonian capital Tallinn. CyCon proceedings are sponsored by the IEEE, ensuring the academic online publication and the standards of the research. CCDCOE produces hard copies of the proceedings and the articles will also be published on the Centre’s website.
May 23, 2023 - NSA, CISA, FBI, ACSC, CCCS, NCSC-NZ, NCSC-UK
People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection Full Text
Abstract
The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.
May 23, 2023 - CISA
CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF) Full Text
Abstract
Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.
May 22, 2023 - American Hospital Association
AHA Letter to OCR on HIPAA Privacy Rule, Online Tracking Guidance Full Text
Abstract
On behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinical partners — including more than 270,000 affiliated physicians, 2 million nurses and other caregivers — and the 43,000 health care leaders who belong to our professional membership groups, the American Hospital Association (AHA) strongly supports the Office of Civil Rights’ (OCR) proposed rule. The AHA agrees with OCR that a “positive, trusting relationship between individuals and their health care providers is essential to an individual’s health and well-being.”1 The proposed rule will enhance provider-patient relationships by providing heightened privacy protections for information about care that is lawful under the circumstances in which it is provided, but may nonetheless get swept up in criminal, civil or administrative investigations.
May 22, 2023 - United States Government Accountability Office
Selected Agencies Need to Fully Implement Key Practices Full Text
Abstract
Cloud computing provides agencies with potential opportunities to obtain IT services more efficiently; however, if not effectively implemented, it also poses cybersecurity risks. To facilitate the adoption and use of cloud services, the Office of Management and Budget and other federal agencies have issued policies and guidance on key practices that agencies are to implement to ensure the security of agency systems that leverage cloud services (i.e., cloud systems).
May 22, 2023 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-32409 Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVE-2023-32373 Apple Multiple Products WebKit Use-After-Free Vulnerability
May 20, 2023 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2004-1464 Cisco IOS Denial-of-Service Vulnerability
CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
CVE-2023-21492 Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
May 19, 2023 - Microsoft Threat Intelligence
Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity. Full Text
Abstract
Financially motivated cybercriminal group Sangria Tempest (ELBRUS, FIN7) has come out of a long period of inactivity. The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021.
May 16, 2023 - CISA
CISA Releases Three Industrial Control Systems Advisories Full Text
Abstract
CISA released three Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
May 6, 2023 - Microsoft Threat Intelligence
More actors are exploiting unpatched CVE-2023-27350 in print management software Full Text
Abstract
More actors are exploiting unpatched CVE-2023-27350 in the PaperCut print management software since we last reported on Lace Tempest. Microsoft has now observed Iranian state-sponsored threat actors Mint Sandstorm (PHOSPHORUS) & Mango Sandstorm (MERCURY) exploiting CVE-2023-27350.
May 2, 2023 - CISA
CISA Releases One Industrial Control Systems Advisory Full Text
Abstract
CISA released one Industrial Control Systems (ICS) advisory on May 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.May 1, 2023 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-1389 TP-Link Archer AX-21 Command Injection Vulnerability CVE-2021-45046 Apache Log4j2 Deserialization of Untrusted Data Vulnerability CVE-2023-21839 Oracle WebLogic Server Unspecified VulnerabilityApril 27, 2023 - CISA
Illumina Universal Copy Service Full Text
Abstract
Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level. A threat actor could impact settings, configurations, software, or data on the affected product; a threat actor could interact through the affected product via a connected network.April 27, 2023 - CISA
CISA Releases One Industrial Control Systems Medical Advisory Full Text
Abstract
CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.April 19, 2023 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOGApril 6, 2023 - Google Threat Analysis Group
CISA Releases Seven Industrial Control Systems Advisories Full Text
Abstract
CISA released seven Industrial Control Systems (ICS) advisories on April 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.April 5, 2023 - Google Threat Analysis Group
How we’re protecting users from government-backed attacks from North Korea Full Text
Abstract
New Threat Analysis Group reporting underscores the evolution of ARCHIPELAGO - as well as Google’s work to stop government-backed attackersApril 3, 2023 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOGApril 2, 2023 - Bank of England
Bank of England demands cyber crackdown after Russia-linked attacks Full Text
Abstract
The Bank of England has ordered lenders to bolster their defences against a major cyber attack amid fears Russian-linked hackers will attempt to plunge the financial system into crisis.Mar 27, 2023 - Whitehouse
Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security Full Text
Abstract
Section 1. Policy. Technology is central to the future of our national security, economy, and democracy. The United States has fundamental national security and foreign policy interests in (1) ensuring that technology is developed, deployed, and governed in accordance with universal human rights; the rule of law; and appropriate legal authorization, safeguards, and oversight, such that it supports, and does not undermine, democracy, civil rights and civil liberties, and public safety; and (2) mitigating, to the greatest extent possible, the risk emerging technologies may pose to United States Government institutions, personnel, information, and information systems.Mar 27, 2023 - Europol
The criminal use of ChatGPT – a cautionary tale about large language models Full Text
Abstract
In response to the growing public attention given to ChatGPT, the Europol Innovation Lab organised a number of workshops with subject matter experts from across Europol to explore how criminals can abuse large language models (LLMs) such as ChatGPT, as well as how it may assist investigators in their daily work.Mar 23, 2023 - CISA
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments Full Text
Abstract
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:Mar 23, 2023 - CISA
Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs Full Text
Abstract
Over the past several years, ransomware attacks have caused extraordinary harm to American organizations: schools forced to close, hospitals required to divert patients, companies across all sectors facing operational disruption and expending untold sums on mitigation and recovery. At CISA, we are working with partners to take every possible step to reduce the prevalence and impact of ransomware attacks. We recently announced an important initiative to help organizations more quickly fix vulnerabilities that are targeted by ransomware actors. Today, we’re excited to announce a related effort that is already showing impact in actually reducing the harm from ransomware intrusions: our Pre-Ransomware Notification Initiative. Like our work to reduce the prevalence of vulnerabilities, this effort is coordinated as part of our interagency Joint Ransomware Task Force.Mar 21, 2023 - CISA
CISA Releases Eight Industrial Control Systems Advisories Full Text
Abstract
CISA released eight Industrial Control Systems (ICS) advisories on March 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.Mar 16, 2023 - CISA
#StopRansomware: LockBit 3.0 Full Text
Abstract
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint CSA to disseminate known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.Mar 15, 2023 - CISA, FBI, MS-ISAC
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server Full Text
Abstract
From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server. Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.[1]Mar 15, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26360 Adobe ColdFusion Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates.Mar 9, 2023 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
March 2, 2023 - CISA, FBI
FBI and CISA Release #StopRansomware: Royal Ransomware Full Text
Abstract
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as January 2023.
March 2, 2023 - WHITE HOUSE
FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy Full Text
Abstract
Today, the Biden-Harris Administration released the National Cybersecurity Strategy to secure the full benefits of a safe and secure digital ecosystem for all Americans. In this decisive decade, the United States will reimagine cyberspace as a tool to achieve our goals in a way that reflects our values: economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society. To realize this vision, we must make fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.
March 1, 2023 - Department of Defense
DOD CYBER WORKFORCE STRATEGY 2023-2027 Full Text
Abstract
The Department of Defense's (DoD) cyber workforce plays a prominent role in safeguarding our Nation against current and future threats. To ensure the DoD deploys an agile, capable, and ready cyber workforce, the Office of the Department of Defense Chief Information Officer (DoD CIO) created the 2023-2027 DoD Cyber Workforce Strategy. This strategy establishes a unified direction for DoD cyber workforce management and, as the cyber domain continues to expand, the inclusion of emerging technology workforces. This strategy also provides a roadmap for how the cyber workforce will grow and adapt to guarantee our Nation's security.
March 1, 2023 - CISA
CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping Full Text
Abstract
Today, CISA released Decider, a free tool to help the cybersecurity community map threat actor behavior to the MITRE ATT&CK framework. Created in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI) and MITRE, Decider helps make mapping quick and accurate through guided questions, a powerful search and filter function, and a cart functionality that lets users export results to commonly used formats.
February 27, 2023 - CISA
CISA Adds One Known Exploited Vulnerability to Catalog Full Text
Abstract
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2022-36537 ZK Framework AuUploader Unspecified Vulnerability
February 23, 2023 - CISA
CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine Full Text
Abstract
CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia's 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat.
February 21, 2023 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2022-47986 IBM Aspera Faspex Code Execution Vulnerability
CVE-2022-41223 Mitel MiVoice Connect Code Injection Vulnerability
CVE-2022-40765 Mitel MiVoice Connect Command Injection Vulnerability
February 15, 2023 - ENISA, CERT-EU
Sustained Activity by Threat Actors - Joint Publication Full Text
Abstract
The EU Cybersecurity Agency (ENISA) and the CERT for the EU institutions, bodies and agencies (CERT-EU) would like to draw the attention of their respective audiences to particular Advanced Persistent Threats (APTs), known as APT27, APT30, APT31, Ke3chang, GALLIUM and Mustang Panda. These threat actors have recently been conducting malicious cyber activities against businesses and governments in the Union.
February 13, 2023 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text
Abstract
KNOWN EXPLOITED VULNERABILITIES CATALOG
February 10, 2023 - CISA
CISA Adds Three Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
February 9, 2023 - CISA
ESXiArgs-Recover Full Text
Abstract
ESXiArgs-Recover is a tool to allow organizations to attempt recovery of virtual machines affected by the ESXiArgs ransomware attacks.
February 8, 2023 - FBI
FBI Media Alert: Valentine’s Day in New Mexico Means Love - and Scams Full Text
Abstract
Valentine’s Day means love is in the air, and criminals are online. The FBI is warning New Mexicans to beware of romance scams, which tend to proliferate this time of the year as many people log on to find that special someone.
February 3, 2023 - CERT-FR
Campaign to exploit a vulnerability affecting VMware ESXi Full Text
Abstract
On February 3, 2023, CERT-FR became aware of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them. In the current state of investigations, these attack campaigns seem to exploit the CVE-2021-21974 vulnerability, for which a patch has been available since February 23, 2021. This vulnerability affects the Service Location Protocol (SLP) service and allows an attacker to remotely execute arbitrary code.
February 2, 2023 - CISA
CISA Adds Two Known Exploited Vulnerabilities to Catalog Full Text
Abstract
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.
January 30, 2023 - AHA
HC3 TLP Clear Analyst Note: Pro-Russian Hacktivist Group Threat to HPH Sector January 30, 2023 Full Text
Abstract
The hacktivist group ‘KillNet’ has targeted the U.S. healthcare industry in the past and is actively targeting the health and public health sector. The group is known to launch DDoS attacks and operates multiple public channels aimed at recruitment and garnering attention from these attacks.
January 26, 2023 - NCSC, UK
UK cyber experts warn of targeted phishing attacks from actors based in Russia and Iran Full Text
Abstract
The UK has today (Thursday) warned of the threat from targeted spear-phishing campaigns against organisations and individuals carried out by cyber actors based in Russia and Iran.
January 25, 2023 - CISA
Protecting Against Malicious Use of Remote Monitoring and Management Software Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In October 2022, CISA identified a widespread cyber campaign involving the malicious use of legitimate RMM software. Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate RMM software—ScreenConnect (now ConnectWise Control) and AnyDesk—which the actors used in a refund scam to steal money from victim bank accounts.
January 24, 2023 - CISA
CISA RELEASES REPORT FOR K-12 SCHOOLS TO HELP ADDRESS EVOLVING CYBERSECURITY THREATS Full Text
Abstract
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its report and toolkit for K-12 institutions to help them better protect against cybersecurity threats. The report, “Partnering to Safeguard K-12 Organizations from Cybersecurity Threats,” provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.
January 24, 2023 - FTC
FTC Marks Identity Theft Awareness Week for 2023 on January 30-February 3 Full Text
Abstract
The Federal Trade Commission will mark its annual Identity Theft Awareness Week with a series of free events January 30-February 3 focused on how identity theft affects people of every community and ways to reduce your risk.
January 17, 2023 - CISA
CISA Releases Four Industrial Control Systems Advisories Full Text
Abstract
CISA released four Industrial Control Systems (ICS) advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
January 17, 2023 - White House
Remarks by President Biden and Prime Minister Rutte of the Netherlands Before Bilateral Meeting Full Text
Abstract
PRESIDENT BIDEN: Well, Mr. Prime Minister, it’s great to see you again. We’ve been in many, many meetings together, but it’s good to have you here in the Oval Office. And you’re welcome despite — despite the World Cup match.
January 12, 2023 - CISA
CISA Releases Twelve Industrial Control Systems Advisories Full Text
Abstract
CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
January 12, 2023 - CISA
Updated: KNOWN EXPLOITED VULNERABILITIES CATALOG Full Text