2023-02-10 02:00   AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities    #Us-Cert #安全事件 Original release date: February 9, 2023 | Last revised: February 10, 2023SummaryNote: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRa

2023-02-09 00:14   AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance    #Us-Cert #安全事件 Original release date: February 8, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be e

2023-01-26 01:55   AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software    #Us-Cert #安全事件 Original release date: January 25, 2023 | Last revised: January 26, 2023SummaryThe Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are r

2022-12-02 02:04   AA22-335A: #StopRansomware: Cuba Ransomware    #Us-Cert #安全事件 Original release date: December 1, 2022SummaryActions to take today to mitigate cyber threats from ransomware:• Prioritize remediating known exploited vulnerabilities.• Train users to recognize and report phishing attempts.• Enable and enforce phishing-resistant multifactor authentication.Note: This

2022-11-18 01:00   AA22-321A: #StopRansomware: Hive Ransomware    #Us-Cert #安全事件 Original release date: November 17, 2022 | Last revised: November 18, 2022SummaryActions to Take Today to Mitigate Cyber Threats from Ransomware:• Prioritize remediating known exploited vulnerabilities.• Enable and enforce multifactor authentication with strong passwords• Close unused ports and remo

2022-11-16 23:04   AA22-320A: Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester    #Us-Cert #安全事件 Original release date: November 16, 2022 | Last revised: November 17, 2022SummaryFrom mid-June through mid-July 2022, CISA conducted an incident response engagement at a Federal Civilian Executive Branch (FCEB) organization where CISA observed suspected advanced persistent threat (APT) activity. In

2022-10-21 22:29   AA22-294A: #StopRansomware: Daixin Team    #Us-Cert #安全事件 Original release date: October 21, 2022SummaryActions to take today to mitigate cyber threats from ransomware:• Install updates for operating systems, software, and firmware as soon as they are released.• Require phishing-resistant MFA for as many services as possible.• Train users to recognize and

2022-10-07 01:08   AA22-279A: Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors    #Us-Cert #安全事件 Original release date: October 6, 2022SummaryThis joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infr

2022-10-05 01:58   AA22-277A: Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization    #Us-Cert #安全事件 Original release date: October 4, 2022 | Last revised: October 5, 2022SummaryActions to Help Protect Against APT Cyber Activity:• Enforce multifactor authentication (MFA) on all user accounts.• Implement network segmentation to separate network segments based on role and functionality.• Update softw

2022-09-22 20:55   AA22-265A: Control System Defense: Know the Opponent    #Us-Cert #安全事件 Original release date: September 22, 2022SummaryTraditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continu

2022-09-22 01:00   AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania    #Us-Cert #安全事件 Original release date: September 21, 2022 | Last revised: September 23, 2022SummaryThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the G

2022-09-14 23:00   AA22-257A: Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations    #Us-Cert #安全事件 Original release date: September 14, 2022SummaryActions to take today to protect against ransom operations:• Keep systems and software updated and prioritize remediating known exploited vulnerabilities.• Enforce MFA.• Make offline backups of your data.This joint Cybersecurity Advisory (CSA) is the r

2022-09-06 21:00   AA22-249A: #StopRansomware: Vice Society    #Us-Cert #安全事件 Original release date: September 6, 2022SummaryActions to take today to mitigate cyber threats from ransomware:• Prioritize and remediate known exploited vulnerabilities.• Train users to recognize and report phishing attempts.• Enable and enforce multifactor authentication.Note: This joint Cybe

2022-08-16 23:38   AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite    #Us-Cert #安全事件 Original release date: August 16, 2022SummaryActions for ZCS administrators to take today to mitigate malicious cyber activity:• Patch all systems and prioritize patching known exploited vulnerabilities.• Deploy detection signatures and hunt for indicators of compromise (IOCs).• If ZCS was compromis

2022-08-12 00:00   AA22-223A: #StopRansomware: Zeppelin Ransomware    #Us-Cert #安全事件 Original release date: August 11, 2022SummaryActions to take today to mitigate cyber threats from ransomware:• Prioritize remediating known exploited vulnerabilities.• Train users to recognize and report phishing attempts.• Enable and enforce multifactor authentication.Note: this joint Cybersecurity