

2022-06-24 01:00   AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems    #Us-Cert #SecurityIncident Original release date: June 23, 2022. Summary: Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all af

2022-06-08 06:00   AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices    #Us-Cert #SecurityIncident Original release date: June 7, 2022 | Last revised: June 8, 2022. Summary: Best Practices: • Apply patches as soon as possible. • Disable unnecessary ports and protocols. • Replace end-of-life infrastructure. • Implement a centralized patch management system. This joint Cybersecurity Advisory describes the ways i

2022-06-01 22:00   AA22-152A: Karakurt Data Extortion Group    #Us-Cert #SecurityIncident Original release date: June 1, 2022 | Last revised: June 2, 2022. Summary: Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau

2022-05-19 02:00   AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control    #Us-Cert #SecurityIncident Original release date: May 18, 2022. Summary: The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 sep

2022-05-18 21:00   AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388    #Us-Cert #SecurityIncident Original release date: May 18, 2022. Summary: Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-Stat

2022-05-17 21:00   AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access    #Us-Cert #SecurityIncident Original release date: May 17, 2022. Summary: Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep s

2022-05-11 19:00   AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers    #Us-Cert #SecurityIncident Original release date: May 11, 2022. Summary: Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer c

2022-04-27 22:00   AA22-117A: 2021 Top Routinely Exploited Vulnerabilities    #Us-Cert #SecurityIncident Original release date: April 27, 2022. Summary: This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), F

2022-04-21 01:00   AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure    #Us-Cert #SecurityIncident Original release date: April 20, 2022. Summary: Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. •

2022-04-18 21:38   AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies    #Us-Cert #SecurityIncident Original release date: April 18, 2022. Summary: Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Inves

2022-04-14 01:00   AA22-103A: APT Cyber Tools Targeting ICS/SCADA Devices    #Us-Cert #SecurityIncident Original release date: April 13, 2022. Summary: Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all def

2022-03-24 22:00   AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector    #Us-Cert #SecurityIncident Original release date: March 24, 2022. Summary: Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated wi

2022-03-18 03:00   AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers    #Us-Cert #SecurityIncident Original release date: March 17, 2022. Summary: Actions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensur

2022-03-15 22:00   AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability    #Us-Cert #SecurityIncident Original release date: March 15, 2022. Summary: Multifactor Authentication (MFA): A Cybersecurity Essential • MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account

2022-02-26 23:00   AA22-057A: Destructive Malware Targeting Organizations in Ukraine    #Us-Cert #SecurityIncident Original release date: February 26, 2022. Summary: Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leadi