February 2023
Title
<a href="/news-events/cybersecurity-advisories/aa23-039a" hreflang="en">ESXiArgs Ransomware Virtual Machine Recovery Guidance</a>
Published
Feb. 16, 2023, 7:50 p.m.
Summary
Title
ESXiArgs Ransomware Virtual Machine Recovery Guidance
Published
Feb. 16, 2023, 7:50 p.m.
Summary
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and out-of-service ...
Title
AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Published
Feb. 9, 2023, 7 p.m.
Summary
Original release date: February 9, 2023SummaryNote: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise ...
Title
AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance
Published
Feb. 8, 2023, 5:14 p.m.
Summary
Original release date: February 8, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely ...
January 2023
Title
<a href="/news-events/cybersecurity-advisories/aa22-335a" hreflang="en">#StopRansomware: Cuba Ransomware</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
#StopRansomware: Hive Ransomware
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Summary Actions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations. Note: This joint Cybersecurity Advisory (CSA) is part of an ...
Title
Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Summary From mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware ...
Title
<a href="/news-events/cybersecurity-advisories/aa22-321a" hreflang="en">#StopRansomware: Hive Ransomware</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
#StopRansomware: Cuba Ransomware
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for ...
Title
Protecting Against Malicious Use of Remote Monitoring and Management Software
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software. In ...
Title
<a href="/news-events/cybersecurity-advisories/aa22-277a" hreflang="en">Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
<a href="/news-events/cybersecurity-advisories/aa22-279a" hreflang="en">Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
<a href="/news-events/cybersecurity-advisories/aa23-025a" hreflang="en">Protecting Against Malicious Use of Remote Monitoring and Management Software</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
<a href="/news-events/cybersecurity-advisories/aa22-320a" hreflang="en">Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
<a href="/news-events/cybersecurity-advisories/aa22-294a" hreflang="en">#StopRansomware: Daixin Team</a>
Published
Jan. 31, 2023, 10:32 p.m.
Summary
Title
AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software
Published
Jan. 25, 2023, 6:55 p.m.
Summary
Original release date: January 25, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and ...
December 2022
Title
AA22-335A: #StopRansomware: Cuba Ransomware
Published
Dec. 1, 2022, 7:04 p.m.
Summary
Original release date: December 1, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort ...
November 2022
Title
AA22-321A: #StopRansomware: Hive Ransomware
Published
Nov. 17, 2022, 6 p.m.
Summary
Original release date: November 17, 2022SummaryActions to Take Today to Mitigate Cyber Threats from Ransomware: • Prioritize remediating known exploited vulnerabilities. • Enable and enforce multifactor authentication with strong passwords • Close unused ports and remove any application not deemed necessary for day-to-day operations. Note: This joint Cybersecurity Advisory (CSA) ...
Title
AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
Published
Nov. 16, 2022, 4:04 p.m.
Summary
Original release date: November 16, 2022SummaryFrom mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In the course of incident response activities, CISA determined that cyber threat actors exploited the Log4Shell vulnerability ...
October 2022
Title
AA22-294A: #StopRansomware: Daixin Team
Published
Oct. 21, 2022, 4:29 p.m.
Summary
Original release date: October 21, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: ...
Title
AA22-279A: Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
Published
Oct. 6, 2022, 7:08 p.m.
Summary
Original release date: October 6, 2022SummaryThis joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). ...
Title
AA22-277A: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
Published
Oct. 4, 2022, 7:58 p.m.
Summary
Original release date: October 4, 2022SummaryActions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication (MFA) on all user accounts. • Implement network segmentation to separate network segments based on role and functionality. • Update software, including operating systems, applications, and firmware, on network assets. • ...
September 2022
Title
AA22-265A: Control System Defense: Know the Opponent
Published
Sept. 22, 2022, 2:55 p.m.
Summary
Original release date: September 22, 2022SummaryTraditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat ...
Title
AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania
Published
Sept. 21, 2022, 7 p.m.
Summary
Original release date: September 21, 2022SummaryThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from ...
Title
A22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania
Published
Sept. 21, 2022, 7 p.m.
Summary
Original release date: September 21, 2022SummaryThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from ...

Last Updates

BOSCH PSIRT
19.07.2024
SIEMENS CERT
09.07.2024
US CERT
09.07.2024
US CERT (ICS)
18.07.2024

By Source

Archive

2024
2023
2022
2021
2020
2019
2018
2017

Feeds