CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

Original release date: December 19, 2020CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that…

Comments Off on CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Original release date: December 17, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced…

Comments Off on AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Vulnerability Summary for the Week of December 7, 2020

Original release date: December 14, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acdsee -- photo_studio_2021 PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional…

Comments Off on Vulnerability Summary for the Week of December 7, 2020

Active Exploitation of SolarWinds Software

Original release date: December 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020…

Comments Off on Active Exploitation of SolarWinds Software

AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

Original release date: December 10, 2020<br/><h3>Summary</h3><p>This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing…

Comments Off on AA20-345A: Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

National Cyber Security Centre Cyber Awareness Campaign

Original release date: December 9, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay…

Comments Off on National Cyber Security Centre Cyber Awareness Campaign