
CISA Cybersecurity Alerts

N2K Networks | thecyberwire.com
Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by N2K Networks as a public service.

Episodes

CISA Alert AA22-174A – Malicious cyber actors continue to exploit Log4Shell in VMware Horizon systems.

CISA and the US Coast Guard Cyber Command are releasing this joint Cybersecurity Advisory to warn network defenders that cyber threat actors, including state-sponsored APT actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway servers to obtain initial access to organizations that did not apply available patches or workarounds. AA22-174A Alert, Technical Details, and Mitigations Malware Analysis Report 10382254-1 stix Malware Analysis Report 103...

Jun 24, 2022 | 3 min | Season 1 | Ep. 22

CISA Alert AA22-158A – People’s Republic of China state-sponsored cyber actors exploit network providers and devices.

This joint Cybersecurity Advisory describes the ways in which People’s Republic of China state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised global infrastructure. These actors use the network to exploit a wide variety of targets worldwide, including public and private sector organizations. AA22-158A Alert, Technical Details, and Mitigations Refer to China Cyber Threat and Advisories, Internet Crime Complaint Cente...

Jun 08, 2022 | 4 min | Season 1 | Ep. 21

Update 1 to CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control.

Malicious cyber actors are exploiting multiple critical vulnerabilities in VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. CISA has updated this alert with additional indicators of compromise, detection signatures, and threat actor TTPs from trusted third parties to assist administrators with detecting and responding to this activity. AA22-138B ...

Jun 08, 2022 | 3 min | Season 1 | Ep. 20

CISA Alert AA22-152A – Karakurt data extortion group.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) are releasing this joint Cybersecurity Advisory to provide information about the Karakurt data extortion group, also known as the Karakurt Team and Karakurt Lair. Karakurt actors have employed a variety of TTPs, creating significant challenges for defense and mitigation. Karakurt victims have not r...

Jun 01, 2022 | 3 min | Season 1 | Ep. 19

CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control.

CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly rel...

May 20, 2022 | 3 min | Season 1 | Ep. 18

CISA Alert AA22-138A – Threat Actors Exploiting F5 BIG-IP CVE-2022-1388.

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricat...

May 19, 2022 | 3 min | Season 1 | Ep. 17

CISA Alert AA22-137A – Weak security controls and practices routinely exploited for initial access.

This joint cybersecurity advisory was coauthored by the cybersecurity authorities of the US, Canada, New Zealand, the Netherlands, and the UK. Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim’s system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices, and includes best practices to mitigate these risks. AA22-137A Alert, ...

May 17, 2022 | 3 min | Season 1 | Ep. 16

CISA Alert AA22-131A – Protecting against cyber threats to managed service providers and their customers.

The cybersecurity authorities of the UK, Australia, Canada, New Zealand, and the US have observed a recent increase in malicious cyber activity against managed service providers (MSPs). Allied cybersecurity authorities expect state-sponsored cyber actors to increase their targeting of MSPs in an attempt to exploit provider-customer trust relationships. This advisory includes security guidance tailored for both MSPs and their customers. AA22-131A Alert, Technical Details, and Mitigations Technica...

May 12, 2022 | 3 min | Season 1 | Ep. 15

Update 1 to CISA Alert AA22-076A – Strengthening cybersecurity of SATCOM network providers and customers.

The US government attributes cyberattacks on satellite communication (SATCOM) networks to Russian state-sponsored malicious cyber actors. The FBI and CISA are aware of possible threats to US and international SATCOM networks. Intrusions into SATCOM networks could create risk in customer environments. AA22-076A Alert, Technical Details, and Mitigations Attribution of Russia’s Malicious Cyber Activity Against Ukraine CISA Shields Up Technical Guidance NSA Cybersecurity Advisory: Protecting VSAT Co...

May 10, 2022 | 4 min | Season 1 | Ep. 14

CISA Alert AA22-117A – 2021 top routinely exploited vulnerabilities.

This joint Cybersecurity Advisory was coauthored by cybersecurity authorities of the US, Australia, Canada, New Zealand, and the UK. This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited. AA22-117A Alert, Technical Details, and Mitigations Top 15 CVEs Routinely Exploited in 2020 Risk Considerations for Managed Service Provider Customers Mitigations and Hardening Gu...

Apr 27, 2022 | 3 min | Season 1 | Ep. 13

CISA Alert AA22-110A – Russian state-sponsored and criminal cyber threats to critical infrastructure.

The allied cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United ...

Apr 20, 2022 | 3 min | Season 1 | Ep. 12

CISA Alert AA22-108A – TraderTraitor: North Korean state-sponsored APT targets blockchain companies.

This joint Cybersecurity Advisory highlights the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored APT group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. As of April 2022, North Korea’s Lazarus Group has targeted various firms, entities, and exchanges in the blockchain and cryptocurrency industry using spearphishing campaigns and malware to steal cr...

Apr 18, 2022 | 4 min | Season 1 | Ep. 11

CISA Alert AA22-103A – APT Cyber Tools Targeting ICS/SCADA Devices.

The DOE, CISA, NSA, and the FBI are releasing this joint Cybersecurity Advisory to warn that certain APT actors have demonstrated the ability to gain full system access to multiple ICS/SCADA devices, including: Schneider Electric programmable logic controllers, OMRON Sysmac NEX programmable logic controllers, and Open Platform Communications Unified Architecture servers. DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement t...

Apr 13, 2022 | 3 min | Season 1 | Ep. 10

CISA Alert AA22-057A – Destructive malware targeting organizations in Ukraine.

This Joint Cybersecurity Advisory between CISA and the FBI provides technical information on WhisperGate and HermeticWiper malware as well as open-source indicators of compromise for organizations to detect and prevent the malware. Additionally, this alert provides recommended guidance and considerations for organizations to address as part of network architecture, security baseline, continuous monitoring, and incident response practices. Alert and technical details. Structured Threat Informatio...

Mar 31, 2022 | 4 min | Season 1 | Ep. 6

CISA Alert AA22-083A – TTPs of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector.

This joint Cybersecurity Advisory provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted US and international Energy Sector organizations. CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to Energy Sector networks and are sharing this information in order to highlight TTPs used by adversaries to target Energy Sector organizations. They urge the Energy Sector and ot...

Mar 31, 2022 | 4 min | Season 1 | Ep. 9

CISA Alert AA22-076A – Strengthening Cybersecurity of SATCOM Network Providers and Customers.

The FBI and CISA are aware of possible threats to U.S. and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in SATCOM network providers’ customer environments. AA22-076A Alert, Technical Details, and Mitigations CISA Shields Up Technical Guidance NSA Cybersecurity Advisory: Protecting VSAT Communications NSA Cybersecurity Tech-Rep: Network Infrastructure Security Guidance Annual Threat Assessment of the U.S. Intelligence Commun...

Mar 31, 2022 | 3 min | Season 1 | Ep. 8

CISA Alert AA22-074A – Russian state-sponsored cyber actors gain network access by exploiting default MFA protocols and “PrintNightmare” vulnerability.

The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploit...

Mar 31, 2022 | 4 min | Season 1 | Ep. 7

CISA Alert AA22-055A – Iranian government-sponsored actors conduct cyber operations against global government and commercial networks.

The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Iranian government-sponsored APT actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America. AA22-055A Alert, Technical...

Feb 24, 2022 | 3 min | Season 1 | Ep. 5

CISA Alert AA22-054A – New Sandworm malware “Cyclops Blink” replaces VPNFilter.

CISA, the UK’s National Cyber Security Centre (NCSC), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have identified that the actor known as Sandworm or Voodoo Bear is using a new malware, Cyclops Blink. CISA, the NCSC, and the FBI have previously attributed the Sandworm actor to the Russian General Staff Main Intelligence Directorate’s Russian (GRU’s) Main Centre for Special Technologies. AA22-054A Alert, Technical Details, and Mitigations Cyclops Blink Malwar...

Feb 23, 2022 | 3 min | Season 1 | Ep. 4

CISA Alert AA22-047A – Russian state-sponsored cyber actors target cleared defense contractor networks to obtain sensitive US defense information and technology.

CISA, the FBI, and NSA have observed Russian state-sponsored cyber actors regularly target US cleared defense contractors from at least January 2020 through February 2022. The actors have targeted both large and small defense contractors and subcontractors with varying levels of cybersecurity protocols and resources. These defense contractors support contracts for the US Department of Defense (DoD) and Intelligence Community in command, control, communications, and combat systems; intelligence, ...

Feb 16, 2022 | 4 min | Season 1 | Ep. 3

CISA Alert AA22-040A – 2021 trends show increased globalized threat of ransomware.

In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The FBI, CISA, and NSA observed incidents involving ransomware against 14 of the 16 US critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. AA22-040A Alert, Tech...

Feb 09, 2022 | 3 min | Season 1 | Ep. 2

CISA Cybersecurity Alerts - Trailer

Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by The CyberWire as a public service.

Feb 01, 2022 | 1 min | Season 1 | Ep. 9999