CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Today, the Cybersecurity and Infrastructure Security Agency CISA—in coordination with the United Kingdom’s National Cyber Security Centre UK-NCSC, Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, Canadian Centre for Cyber Security CCCS, New Zealand National Cyber...

Why Organisations Need Both EDR and NDR for Complete Network Protection

Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern...

APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts...

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Distributed denial-of-service DDoS started out as an inconvenience: They were a roadblock that kept customers from getting at systems. That’s bad enough. Keeping availability away from customers via DDoS can have a painful impact on businesses as they find their doors blocked to customers, keepin...

Exploitation of Pulse Connect Secure Vulnerabilities

Summary The Cybersecurity and Infrastructure Security Agency CISA is aware of compromises affecting a number of U.S. government agencies, critical infrastructure entities, and other private sector organizations by a cyber threat actor—or actors—beginning in June 2020 or earlier related to...

Malware Targeting Pulse Secure Devices

As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports MARs for threat actor techniques, tactics, and procedures TT...

Updates to Alert on Pulse Connect Secure

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures TTPs, indicators of compromise IOCs, and updated mitigations. CISA encourages users and administrators to review AA21-110A and the following...

Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK™ and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneli...