August 2022
Title
AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Published
Aug. 16, 2022, 5:38 p.m.
Summary
Original release date: August 16, 2022SummaryActions for ZCS administrators to take today to mitigate malicious cyber activity: • Patch all systems and prioritize patching known exploited vulnerabilities. • Deploy detection signatures and hunt for indicators of compromise (IOCs). • If ZCS was compromised, remediate malicious activity. The Cybersecurity and Infrastructure ...
Title
AA22-223A: #StopRansomware: Zeppelin Ransomware
Published
Aug. 11, 2022, 6 p.m.
Summary
Original release date: August 11, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to ...
Title
AA22-216A: 2021 Top Malware Strains
Published
Aug. 4, 2022, 8:10 p.m.
Summary
Original release date: August 4, 2022SummaryImmediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user ...
July 2022
Title
AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
Published
July 6, 2022, 4 p.m.
Summary
Original release date: July 6, 2022SummaryThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least ...
June 2022
Title
AA22-181A: #StopRansomware: MedusaLocker
Published
June 30, 2022, 7 p.m.
Summary
Original release date: June 30, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to ...
Title
AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Published
June 23, 2022, 7 p.m.
Summary
Original release date: June 23, 2022SummaryActions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. ...
Title
AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Published
June 8, 2022, midnight
Summary
Original release date: June 7, 2022SummaryBest Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to ...
Title
AA22-152A: Karakurt Data Extortion Group
Published
June 1, 2022, 4 p.m.
Summary
Original release date: June 1, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of ...
May 2022
Title
AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
Published
May 18, 2022, 8 p.m.
Summary
Original release date: May 18, 2022SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, ...
Title
AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388
Published
May 18, 2022, 3 p.m.
Summary
Original release date: May 18, 2022SummaryActions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this ...
Title
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Published
May 17, 2022, 3 p.m.
Summary
Original release date: May 17, 2022SummaryBest Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security ...
Title
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Published
May 11, 2022, 1 p.m.
Summary
Original release date: May 11, 2022SummaryTactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership ...
April 2022
Title
AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
Published
April 27, 2022, 4 p.m.
Summary
Original release date: April 27, 2022SummaryThis joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre ...
Title
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Published
April 20, 2022, 7 p.m.
Summary
Original release date: April 20, 2022SummaryActions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and ...
Title
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Published
April 18, 2022, 3:38 p.m.
Summary
Original release date: April 18, 2022SummaryActions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency ...
Title
AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices
Published
April 13, 2022, 7 p.m.
Summary
Original release date: April 13, 2022SummaryActions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to ...
March 2022
Title
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Published
March 24, 2022, 3 p.m.
Summary
Original release date: March 24, 2022SummaryActions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This joint Cybersecurity ...
Title
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Published
March 17, 2022, 8 p.m.
Summary
Original release date: March 17, 2022SummaryActions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of ...
Title
AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
Published
March 15, 2022, 3 p.m.
Summary
Original release date: March 15, 2022SummaryMultifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised. • Every organization should ...
February 2022
Title
AA22-057A: Destructive Malware Targeting Organizations in Ukraine
Published
Feb. 26, 2022, 4 p.m.
Summary
Original release date: February 26, 2022SummaryActions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against ...
Title
AA22-057A: Update: Destructive Malware Targeting Organizations in Ukraine
Published
Feb. 26, 2022, 4 p.m.
Summary
Original release date: February 26, 2022 | Last revised: April 28, 2022SummaryActions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. (Updated ...
Title
AA22-055A : Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
Published
Feb. 24, 2022, 5 p.m.
Summary
Original release date: February 24, 2022SummaryActions to Take Today to Protect Against Malicious Activity * Search for indicators of compromise. * Use antivirus software. * Patch all systems. * Prioritize patching known exploited vulnerabilities. * Train users to recognize and report phishing attempts. * Use multi-factor authentication. Note: this advisory ...
Title
AA22-054A: New Sandworm Malware Cyclops Blink Replaces VPNFilter
Published
Feb. 23, 2022, 4 p.m.
Summary
Original release date: February 23, 2022SummaryThe Sandworm actor, which the United Kingdom and the United States have previously attributed to the Russian GRU, has replaced the exposed VPNFilter malware with a new more advanced framework. The United Kingdom's (UK) National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency ...
Title
AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Published
Feb. 16, 2022, 4 p.m.
Summary
Original release date: February 16, 2022SummaryActions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 2022, the Federal Bureau of Investigation ...
Title
AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
Published
Feb. 9, 2022, 3 p.m.
Summary
Original release date: February 9, 2022SummaryImmediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and ...

Last Updates

BOSCH PSIRT
11.08.2022
CODESYS
27.07.2022
SIEMENS CERT
09.08.2022
US CERT
16.08.2022
US CERT (ICS)
16.08.2022

By Source

Archive

2022
2021
2020
2019
2018
2017

Feeds