App Store

Google Play

DK - Details page - Device banner - 894x1036

Nyd den ubegrænsede adgang til tusindvis af spændende e- og lydbøger - helt gratis

Lyt når som helst, hvor som helst 

N2K Networks

Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by N2K Networks as a public service.

CISA Cybersecurity Alerts

Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by The CyberWire as a public service.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Cybersecurity Alerts - Trailer

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The FBI, CISA, and NSA observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. 
AA22-040A Alert, Technical Details, and Mitigations
CISA’s Ransomware Readiness Assessment
CISA’s Cyber Hygiene Services
ACSC’s Strategies to Mitigate Cyber Security Incidents
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-040A – 2021 trends show increased globalized threat of ransomware.

CISA, the FBI, and NSA have observed Russian state-sponsored cyber actors regularly target US cleared defense contractors from at least January 2020 through February 2022. The actors have targeted both large and small defense contractors and subcontractors with varying levels of cybersecurity protocols and resources. These defense contractors support contracts for the US Department of Defense (DoD) and Intelligence Community in command, control, communications, and combat systems; intelligence, surveillance, reconnaissance, and targeting; weapons and missile development; vehicle and aircraft design; and software development, data analytics, computers, and logistics. 
AA22-047A Alert, Technical Details, and Mitigations
Russia Cyber Threat Overview and Advisories
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-047A – Russian state-sponsored cyber actors target cleared defense contractor networks to obtain sensitive US defense information and technology.

CISA, the UK’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have identified that the actor known as Sandworm or Voodoo Bear is using a new malware, Cyclops Blink. CISA, the NCSC, and the FBI have previously attributed the Sandworm actor to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies.
AA22-054A Alert, Technical Details, and Mitigations
Cyclops Blink Malware Analysis Report
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-054A – New Sandworm malware “Cyclops Blink” replaces VPNFilter.

The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Iranian government-sponsored APT actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America. 
AA22-055A Alert, Technical Details, and Mitigations
Malware Analysis Report
AA22-052A STIX and Malware Analysis STIX
Iran Cyber Threat Overview and Advisories
NCSC-UK MAR – Small Sieve
CNMF's press release – Iranian intel cyber suite of malware uses open source tools
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-055A – Iranian government-sponsored actors conduct cyber operations against global government and commercial networks.

This Joint Cybersecurity Advisory between CISA and the FBI provides technical information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise for organizations to detect and prevent the malware. Additionally, this alert provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices. Alert and technical details. Structured Threat Information Expression (STIX) All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-057A – Destructive malware targeting organizations in Ukraine.

The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO using Cisco’s Duo MFA, enabling access to cloud and email accounts for document exfiltration. Alert, Technical Details, and Mitigations Structured Threat Information Expression (STIX) Russian Cyber Threat Information Shields Up Technical Guidance All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-074A – Russian state-sponsored cyber actors gain network access by exploiting default MFA protocols and “PrintNightmare” vulnerability.

The FBI and CISA are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments. AA22-076A Alert, Technical Details, and Mitigations CISA Shields Up Technical Guidance NSA Cybersecurity Advisory: Protecting VSAT Communications NSA Cybersecurity Tech-Rep: Network Infrastructure Security Guidance Annual Threat Assessment of the U.S. Intelligence Community, February 2022 CISA Tip: Choosing and Protecting Passwords CISA Capacity Enhancement Guide: Implementing Strong Authentication All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-076A – Strengthening Cybersecurity of SATCOM Network Providers and Customers.

This joint Cybersecurity Advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted US and international Energy Sector organizations. CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to Energy Sector networks and are sharing this information in order to highlight TTPs used by adversaries to target Energy Sector organizations. They urge the Energy Sector and other critical infrastructure organizations to apply the recommendations listed in the Mitigations Section and Appendix Alpha of the alert documentation to reduce the risk of compromise. AA22-083A Alert, Technical Details, and Mitigations Russian Government Employees Charged for Hacking Critical Infrastructure CISA Shields Up Technical Guidance Mitigating Russian State-Sponsored Cyber Threats to US Critical Infrastructure Rewards for Justice Program All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. If you have information on state-sponsored Russian cyber operations targeting US critical infrastructure, contact the Department of State’s Rewards for Justice program. You may be eligible for a reward of up to $10 million for information leading to the identification or location of any person who, while acting under the direction or control of a foreign government, participates in malicious cyber activity against US critical infrastructure. Contact +1-202-702-7843 on WhatsApp, Signal, or Telegram, or send information via the Rewards for Justice secure Tor-based tips line located on the Dark Web. For more details refer to the Rewards for Justice website.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-083A – TTPs of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector.

The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain full system access to multiple ICS/SCADA devices, including: Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers, and Open Platform Communications Unified Architecture servers. DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS/SCADA devices.

The DOE, CISA, NSA, and the FBI would like to thank Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric for their contributions to this joint CSA.

AA22-103A Alert, Technical Details, and Mitigations
Layering Network Security Through Segmentation
Stop Malicious Cyber Activity Against Connected Operational Technology
NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems
Dragos Report: CHERNOVITE’s PIPEDREAM Malware Targeting Industrial Control Systems

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-103A – APT Cyber Tools Targeting ICS/SCADA Devices.

This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored APT group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. As of April 2022, North Korea’s Lazarus Group has targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal crypto. These actors will likely continue exploiting vulnerabilities of cryptocurrency technology firms, gaming companies, and exchanges to generate and launder funds to support the North Korean regime. 

AA22-108A Alert, Technical Details, and Mitigations
CISA North Korea Threat Information
AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
HIDDEN COBRA – FASTCash Campaign
FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA Alert AA22-108A – TraderTraitor: North Korean state-sponsored APT targets blockchain companies.

Lyt når som helst, hvor som helst

Other podcasts you might like ...