CYNET – Page 103 – CYNET-CSIRT

Vulnerability Summary for the Week of January 4, 2021

Original release date: January 11, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off

January 11, 2021

Current Activity

CISA Releases New Alert on Post-Compromise Threat Activity in Microsoft Cloud Environments and Tools to Help Detect This Activity

Original release date: January 8, 2021CISA has evidence of post-compromise advanced persistent threat (APT) activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in…

Comments Off

January 8, 2021

Alerts

AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Original release date: January 8, 2021SummaryThis Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and…

Comments Off

January 8, 2021

Current Activity

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

Original release date: January 8, 2021The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit…

Comments Off

January 8, 2021

Current Activity

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

Original release date: January 7, 2021Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take…

Comments Off

January 7, 2021

Current Activity

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise

Original release date: January 6, 2021CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED…

Comments Off

January 7, 2021

Current Activity

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

Original release date: January 5, 2021The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies…

Comments Off

January 6, 2021

Bulletins

Vulnerability Summary for the Week of December 28, 2020

Original release date: January 4, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off

January 4, 2021

Bulletins

Vulnerability Summary for the Week of December 21, 2020

Original release date: December 28, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off

December 28, 2020

Current Activity

CISA Releases Free Detection Tool for Azure/M365 Environment

Original release date: December 24, 2020CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool…

Comments Off

December 25, 2020