Attacks

Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor.  This advisory highlights how PRC cyber actors use techniques called “living off the land” to evade detection by using built-in networking administration tools to compromise networks and conduct malicious activity. This enables the cyber actor to…

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence…

Cisco released a security advisory to address multiple vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switches. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary code with root privileges on an affected device. CISA encourages users and administrators to review the following advisory and apply the necessary updates: •    Cisco Small Business Series Switches Buffer Overflow Vulnerabilities For updates addressing lower severity vulnerabilities, see…

CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-138-01 Carlo Gavazzi Powersoft ICSA-23-138-02 Mitsubishi Electric MELSEC WS ICSA-23-138-03 Hitachi Energy MicroSCADA Pro/X SYS600 ICSA-23-138-04 Johnson Controls OpenBlue Enterprise Manager Data Collector ICSA-20-051-02 Rockwell Automation FactoryTalk Diagnostics Update B   CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA, the Federal Bureau of Investigation (FBI), and the Australian Cyber Security Centre (ACSC) have released a joint Cybersecurity Advisory (CSA) with known BianLian ransomware and data extortion group technical details. Microsoft and Sophos contributed to the advisory. To reduce the likelihood and impact of BianLian and other ransomware incidents, CISA encourages organizations to implement mitigations recommended in this advisory. Mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of…