This article outlines critical vulnerabilities affecting various software products, including Citrix, Cisco, Fortinet, and Microsoft. Threat actors are exploiting these vulnerabilities, such as CVE-2023-3519 and CVE-2023-34362, to gain unauthorized access and execute malicious activities. Regular updates and security patches are essential to mitigate these risks. #CyberSecurity #VulnerabilityManagement #ThreatIntelligence

Key Points:

Multiple critical vulnerabilities identified across various software products.…

Summary:

The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment to evaluate the cybersecurity capabilities of a critical infrastructure organization. The assessment revealed significant vulnerabilities, including insufficient technical controls and inadequate staff training. Recommendations for improvement were provided to enhance the organization’s cybersecurity posture and mitigate risks.…

Short Summary:

The FBI, CISA, NSA, CSE, AFP, and ASD’s ACSC have issued a Cybersecurity Advisory regarding Iranian cyber actors employing brute force techniques to compromise critical infrastructure sectors. These actors aim to obtain credentials and network information for sale to cybercriminals, utilizing methods such as password spraying and MFA push bombing since October 2023.…

Short Summary:

CISA has added a new vulnerability, CVE-2024-8963, related to the Ivanti Cloud Services Appliance, to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing risks posed by such vulnerabilities to federal enterprises and urging timely remediation by all organizations.

Key Points:

CISA has updated its Known Exploited Vulnerabilities Catalog.…

Short Summary:

The FBI, CISA, and NSA have assessed that Russian GRU Unit 29155 is responsible for cyber operations targeting global entities for espionage and sabotage since 2020. They have utilized the WhisperGate malware against Ukrainian organizations since January 2022. Organizations are advised to implement security measures to mitigate these threats.…

Short Summary:

This joint Cybersecurity Advisory focuses on the RansomHub ransomware variant, detailing its tactics, techniques, and procedures (TTPs) as part of the #StopRansomware initiative. The advisory provides insights into the ransomware’s operations, including its double-extortion model, the sectors affected, and recommendations for network defenders to mitigate risks.…

Short Summary:

The FBI, CISA, and DC3 have issued a Cybersecurity Advisory warning about ongoing cyber activities by Iran-based actors targeting U.S. and foreign organizations, particularly in sectors like education, finance, and healthcare. These actors aim to gain network access for collaboration with ransomware affiliates, while also conducting espionage activities for the Iranian government.…


Short Summary:

This publication outlines best practices for event logging to enhance cyber security and resilience against threats. Developed by the Australian Cyber Security Centre (ACSC) in collaboration with international partners, it emphasizes the importance of effective logging solutions to support incident response, reduce alert noise, and ensure compliance with organizational policies.…


Short Summary:

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting the risks posed by these vulnerabilities to federal enterprises. The vulnerabilities include various Microsoft products, and organizations are urged to prioritize remediation to protect against active threats.

Key Points:

CISA added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog.…

The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju:

The RGB 3rd Bureau includes a DPRK (aka North Korean) state-sponsored cyber group known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa.…


This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), the German Federal Intelligence Service (BND) and Federal Office for the Protection of the Constitution (BfV), the Republic of Korea’s National Intelligence Service (NIS) and NIS’ National Cyber Security Center, and Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and National Police Agency (NPA)—hereafter referred to as the “authoring agencies”—outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.…

EXECUTIVE SUMMARY

In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the red team first performs a no-notice, long-term simulation of nation-state cyber operations. The team mimics the techniques, tradecraft, and behaviors of sophisticated threat actors and measures the potential dwell time actors have on a network, providing a realistic assessment of the organization’s security posture.…

SUMMARY

Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.…

SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate the cooperation of Volexity, Ivanti, Mandiant and other industry partners in the development of this advisory and ongoing incident response activities.…

How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure

OVERVIEW

This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear.

The UK National Cyber Security Centre (NCSC) and international partners assess that APT29 is a cyber espionage group, almost certainly part of the SVR, an element of the Russian intelligence services.…

SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site.…

SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.…
