Planned Parenthood partly offline after ransomware attack

In late August, Intermountain Planned Parenthood of Montana suffered a cyberattack which is still under investigation. The attack has been claimed by a ransomware group. Intermountain Planned Parenthood Inc., doing business as Planned Parenthood Of Montana, is a nonprofit organization that provid...

Examining the US Government’s DDoS Protection Guidance Update

In March 2024, CISA, MS-ISAC, and the FBI released updated DDoS response guidance. The document outlines key strategies and 15 steps for mitigating DDoS attacks, emphasizing the need for continuous monitoring and collaboration between government and private sectors...

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control ADC and Gateway appliances to obtain initial access to target environments. The joint advisory comes from the U.S...

CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

Today, the Cybersecurity and Infrastructure Security Agency CISA, the National Security Agency NSA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released an updated version of the joint StopRansomware Guide. The update includes new...

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, and Multi-State Information Sharing and Analysis Center MS-ISAC are releasing this joint Cybersecurity Advisory CSA in response to the active exploitation of CVE-2023-22515. This recently...

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 aka DarkShadow or Oro0lxy. The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability...

#StopRansomware: LockBit 3.0

Actions to take today to mitigate cyber threats from ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Train users to recognize and report phishing attempts. 3. Enable and enforce phishing-resistant multifactor authentication...

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malwar...

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency CISA and the Multi-State Information Sharing &...

#StopRansomware: Vice Society

Note: This joint Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics, techniques,...

Warning issued about Vice Society ransomware targeting the education sector

The Federal Bureau of Investigation FBI, the Cybersecurity and Infrastructure Security Agency CISA, and the Multi-State Information Sharing and Analysis Center MS-ISAC have released a joint Cybersecurity Advisory CSA after observing Vice Society threat actors disproportionately targeting the...

#StopRansomware: Vice Society

CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC have released a joint Cybersecurity Advisory CSA, StopRansomware: Vice Society, to disseminate tactics, techniques, and procedures TTPs and indicators of compromise IOCs associated...

Threat Actors Exploiting Multiple Vulnerabilities Against Zimbra Collaboration Suite

CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have released a joint Cybersecurity Advisory CSA in response to active exploitation of multiple vulnerabilities against Zimbra Collaboration Suite ZCS, an enterprise cloud-hosted collaboration software and email platform. CISA...

Threat Actors Exploiting F5 BIG IP CVE-2022-1388

CISA and the Multi-State Information Sharing and Analysis Center MS-ISAC have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an...

Assess Your Risk From Ransomware Attacks, Powered by Qualys Research

Ransomware attacks are among the most significant cyber threats facing businesses today. Recent warnings about Conti ransomware, issued by a joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency CISA, FBI and National Security Agency, are a strong signal that...

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

The Multi-State Information Sharing and Analysis Center MS-ISAC has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the MS-IS...

Google Releases Security Updates for Chrome

Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. T...

CISA and MS-ISAC Release Ransomware Guide

The Cybersecurity and Infrastructure Security Agency CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber...

CIS Releases 2019 Year in Review

The Center for Internet Security CIS has released its 2019 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center MS-ISAC, a Cybersecurity and Infrastructure Security Agency CISA partner focused on cyber threat prevention, protection, response, and recovery for U.S...

MS-ISAC Releases Advisory on DrayTek Devices

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...