Alerts

Alerts

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA),…

Comments Off on People’s Republic of China-Linked Cyber Actors Hide in Router Firmware
September 28, 2023
Alerts

#StopRansomware: Snatch Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…

Comments Off on #StopRansomware: Snatch Ransomware
September 21, 2023
Alerts

Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical…

Comments Off on Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 8, 2023
Alerts

Identification and Disruption of QakBot Infrastructure

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified…

Comments Off on Identification and Disruption of QakBot Infrastructure
August 31, 2023
Alerts

2022 Top Routinely Exploited Vulnerabilities

SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI)…

Comments Off on 2022 Top Routinely Exploited Vulnerabilities
August 4, 2023
Alerts

Threat Actors Exploiting Ivanti EPMM Vulnerabilities

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078…

Comments Off on Threat Actors Exploiting Ivanti EPMM Vulnerabilities
August 1, 2023
Alerts

Preventing Web Application Access Control Abuse

SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to…

Comments Off on Preventing Web Application Access Control Abuse
July 28, 2023
Alerts

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler…

Comments Off on Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
July 20, 2023
Alerts

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the…

Comments Off on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
July 13, 2023
Alerts

Increased Truebot Activity Infects U.S. and Canada Based Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS)…

Comments Off on Increased Truebot Activity Infects U.S. and Canada Based Networks
July 7, 2023