Insights

In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including…

Read More

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to: Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender…

Read More

As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM). IAM—a framework of business processes, policies, and technologies that facilitate the management of digital identities—ensures that users only gain…

Read More

Today, we published stakeholder-based updates to the Cybersecurity Performance Goals (CPGs). Originally released last October, the CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The CPGs have been reorganized, reordered and renumbered to align closely with NIST CSF functions (Identify, Protect, Detect, Respond, and Recover) to help organizations more easily use the CPGs to prioritize investments as part of a broader cybersecurity program built around…

Read More

Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CONTRIB- 2023-004 for more information and apply the necessary updates.

Read More

The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit. CISA encourages network defenders…

Read More

CISA released four Industrial Control Systems (ICS) advisories on March 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-073-01 Omron CJ1m PLC ICSA-23-073-02 Autodesk FBX SDK ICSA-23-073-03 GE iFIX ICSA-23-073-04 AVEVA Plant SCADA and AVEVA Telemetry Server

Read More