CISA: Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers V2

CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, have released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help internet service...

CISA: Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers

CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, have released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help internet service...

CISA and Partners Release Advisory on RansomHub Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation FBI, Multi-State Information Sharing and Analysis Center MS-ISAC, and Department of Health and Human Services HHS—released a joint Cybersecurity Advisory, StopRansomware: RansomHub Ransomware. This advisory provides network...

Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory

Today, CISA—in partnership with the Federal Bureau of Investigation FBI—released an update to joint Cybersecurity Advisory StopRansomware: Royal Ransomware, StopRansomware: BlackSuit Royal Ransomware. The updated advisory provides network defenders with recent and historically observed tactics,...

CISA, NCSC-UK, and Partners Release Advisory on Russian SVR Actors Targeting Cloud Infrastructure

CISA, in partnership with UK National Cyber Security Centre NCSC and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures TTPs used by Russian Foreign...

CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization

Today, CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA, Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedure...

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

Today, CISA—along with the U.S. Federal Bureau of Investigation FBI, National Security Agency NSA, Polish Military Counterintelligence Service SKW, CERT Polska CERT.PL, and the UK’s National Cyber Security Centre NCSC—released a joint Cybersecurity Advisory CSA, Russian Foreign Intelligence Servi...

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Today, CISA released a Cybersecurity Advisory CSA, Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs. The vulnerability in ColdFusion CVE-2023-26360 presen...

CISA Releases Update to Royal Ransomware Advisory

Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released an update to joint Cybersecurity Advisory CSA StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques,...

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

Today, the Cybersecurity Infrastructure and Security Agency CISA, the National Security Agency NSA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The...

Decider - A Web Application That Assists Network Defenders, Analysts, And Researcher In The Process Of Mapping Adversary Behaviors To The MITRE ATT&CK Framework

What is it? The Short A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework. The Long Decider is a tool to help analysts map adversary behavior to the MITRE ATT&CK framework. Decider makes creating...

CISA Updates Best Practices for Mapping to MITRE ATT&CK®

Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports...

Wordfence Launches Free Vulnerability Database For Commercial Use – And Launches Security Portal

Today we are incredibly excited to announce that Wordfence is launching an entirely free vulnerability database API and web interface, available for commercial use by hosting companies, security organizations, threat analysts, security researchers, and the WordPress user community. This is part o...

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed...

CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!

On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol TLP 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams FIRST that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR replaces...

Iranian Islamic Revolutionary Guard Corps Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

CISA, Federal Bureau of Investigation FBI, National Security Agency NSA, U.S. Cyber Command USCC - Cyber National Mission Force CNMF, Department of the Treasury, Australian Cyber Security Centre ACSC, Canadian Centre for Cyber Security CCCS, and United Kingdom’s National Cyber Security Centre NCS...

CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments RVAs conducted across multiple sectors in Fiscal Year 2021 FY21. The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could ta...

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory CSA to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious...

Guidance on Sharing Cyber Incident Information

CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity. CISA uses this information from partners to build a common understanding o...

CISA Compiles Free Cybersecurity Services and Tools for Network Defenders

CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered b...