August 2023
Title
Threat Actors Exploiting Ivanti EPMM Vulnerabilities
Published
Aug. 1, 2023, 4:42 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) are releasing this joint Cybersecurity Advisory (CSA) in response to active exploitation of CVE-2023-35078 and CVE-2023-35081. Advanced persistent threat (APT) actors exploited CVE-2023-35078 as a zero day from at least April 2023 through July ...
July 2023
Title
Preventing Web Application Access Control Abuse
Published
July 26, 2023, 11:10 p.m.
Summary
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. ...
Title
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Published
July 20, 2023, 9:28 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory to warn network defenders about exploitation of CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. In June 2023, threat actors exploited this vulnerability as a zero-day ...
Title
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
Published
July 11, 2023, 11:55 p.m.
Summary
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange ...
Title
Increased Truebot Activity Infects U.S. and Canada Based Networks
Published
July 5, 2023, 11:30 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against ...
June 2023
Title
Understanding Ransomware Threat Actors: LockBit
Published
June 12, 2023, 6:22 p.m.
Summary
SUMMARY In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency ...
Title
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
Published
June 6, 2023, 10:58 p.m.
Summary
SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
May 2023
Title
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
Published
May 23, 2023, 8:06 p.m.
Summary
Summary The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects ...
Title
#StopRansomware: BianLian Ransomware Group
Published
May 15, 2023, 6:29 p.m.
Summary
Summary Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Title
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
Published
May 10, 2023, 11:35 p.m.
Summary
SUMMARY The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-27350. This vulnerability occurs in certain versions of PaperCut NG and PaperCut MF and enables an unauthenticated actor to execute malicious code ...
Title
Hunting Russian Intelligence “Snake” Malware
Published
May 8, 2023, 11:02 p.m.
Summary
SUMMARY The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. ...
April 2023
Title
APT28 Exploits Known Vulnerability to Carry Out Reconnaissance and Deploy Malware on Cisco Routers
Published
April 17, 2023, 10:32 p.m.
Summary
APT28 accesses poorly maintained Cisco routers and deploys malware on unpatched devices using CVE-2017-6742. Overview and Context The UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI) are releasing this joint advisory to ...
March 2023
Title
#StopRansomware: LockBit 3.0
Published
March 15, 2023, 8:20 p.m.
Summary
SUMMARY Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect ...
Title
Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server
Published
March 13, 2023, 6:57 p.m.
Summary
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a ...
Title
Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers
Published
March 13, 2023, 6:57 p.m.
Summary
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an advanced persistent threat (APT) actor, were able ...
February 2023
Title
CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks
Published
Feb. 24, 2023, 8:04 p.m.
Summary
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture. Actions to take today to harden your local environment: ...
Title
#StopRansomware: Royal Ransomware
Published
Feb. 24, 2023, 6:30 p.m.
Summary
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Title
#StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Published
Feb. 16, 2023, 9:45 p.m.
Summary
SUMMARY Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations ...
Title
ESXiArgs Ransomware Virtual Machine Recovery Guidance
Published
Feb. 16, 2023, 7:50 p.m.
Summary
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service ...
Title
AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Published
Feb. 9, 2023, 7 p.m.
Summary
Original release date: February 9, 2023. Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise ...
