April 2024
17.04.2024
US CERT
#StopRansomware: Akira Ransomware
Title
#StopRansomware: Akira Ransomware
Published
April 17, 2024, 6:23 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
February 2024
26.02.2024
US CERT
#StopRansomware: Phobos Ransomware
Title
#StopRansomware: Phobos Ransomware
Published
Feb. 26, 2024, 3:51 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
23.02.2024
US CERT
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Title
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
Published
Feb. 23, 2024, 6:37 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
Summary
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure OVERVIEW This advisory details recent tactics, techniques, and procedures (TTPs) of the group commonly known as APT29, also known as Midnight Blizzard, the Dukes, or Cozy Bear. The UK National Cyber Security Centre (NCSC) and ...
21.02.2024
US CERT
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Title
Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways
Published
Feb. 21, 2024, 9:30 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the following partners (hereafter referred to as the authoring organizations) are releasing this joint Cybersecurity Advisory to warn that cyber threat actors are exploiting previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA and authoring organizations appreciate ...
14.02.2024
US CERT
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Title
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization
Published
Feb. 14, 2024, 9:19 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-046a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an ...
01.02.2024
US CERT
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Title
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Published
Feb. 1, 2024, 9:37 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a ...
January 2024
12.01.2024
US CERT
Known Indicators of Compromise Associated with Androxgh0st Malware
Title
Known Indicators of Compromise Associated with Androxgh0st Malware
Published
Jan. 12, 2024, 6:13 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-016a
Summary
SUMMARY The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Multiple, ongoing investigations and trusted third party reporting ...
December 2023
19.12.2023
US CERT
#StopRansomware: ALPHV Blackcat
Title
#StopRansomware: ALPHV Blackcat
Published
Dec. 19, 2023, 3:31 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
14.12.2023
US CERT
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
Title
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
Published
Dec. 14, 2023, 1:24 a.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-349a
Summary
SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one ...
12.12.2023
US CERT
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Title
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
Published
Dec. 12, 2023, 6:33 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Summary
SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian Foreign Intelligence Service (SVR) cyber actors—also known as Advanced Persistent Threat 29 ...
11.12.2023
US CERT
#StopRansomware: Play Ransomware
Title
#StopRansomware: Play Ransomware
Published
Dec. 11, 2023, 11:41 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
06.12.2023
US CERT
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Title
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns
Published
Dec. 6, 2023, 9:18 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
Summary
The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as Callisto Group/TA446/COLDRIVER/TAG-53/BlueCharlie) continues to successfully use spear-phishing attacks against targeted organizations and individuals in the UK, and other geographical areas ...
04.12.2023
US CERT
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Title
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers
Published
Dec. 4, 2023, 7:05 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and ...
01.12.2023
US CERT
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Title
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Published
Dec. 1, 2023, 11:21 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
Summary
SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices ...
November 2023
21.11.2023
US CERT
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Title
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
Published
Nov. 21, 2023, 2:50 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
15.11.2023
US CERT
Scattered Spider
Title
Scattered Spider
Published
Nov. 15, 2023, 3:55 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
Summary
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations ...
14.11.2023
US CERT
#StopRansomware: Rhysida Ransomware
Title
#StopRansomware: Rhysida Ransomware
Published
Nov. 14, 2023, 5:45 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
October 2023
13.10.2023
US CERT
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Title
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
Published
Oct. 13, 2023, 10:48 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, ...
10.10.2023
US CERT
#StopRansomware: AvosLocker Ransomware (Update)
Title
#StopRansomware: AvosLocker Ransomware (Update)
Published
Oct. 10, 2023, 5:46 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
02.10.2023
US CERT
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Title
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Published
Oct. 2, 2023, 9:42 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
Summary
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures ...
September 2023
26.09.2023
US CERT
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
Title
People's Republic of China-Linked Cyber Actors Hide in Router Firmware
Published
Sept. 26, 2023, 9:45 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
Summary
Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) (hereafter referred to as the “authoring agencies”) ...
18.09.2023
US CERT
#StopRansomware: Snatch Ransomware
Title
#StopRansomware: Snatch Ransomware
Published
Sept. 18, 2023, 11:27 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
06.09.2023
US CERT
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Title
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
Published
Sept. 6, 2023, 7:03 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. Analysts confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain ...
August 2023
29.08.2023
US CERT
Identification and Disruption of QakBot Infrastructure
Title
Identification and Disruption of QakBot Infrastructure
Published
Aug. 29, 2023, 9:28 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-242a
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt ...
02.08.2023
US CERT
2022 Top Routinely Exploited Vulnerabilities
Title
2022 Top Routinely Exploited Vulnerabilities
Published
Aug. 2, 2023, 8:57 p.m.
URL
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
Summary
SUMMARY The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA): United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New Zealand: New Zealand ...

Last Updates

BOSCH PSIRT
20.03.2024
CODESYS
28.06.2023
SIEMENS CERT
19.04.2024
US CERT
17.04.2024
US CERT (ICS)
25.04.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds