What We Urge You To Do To Protect Against The Threat of Ransomware – June 3, 2021

Critical Infrastructure Colleagues and Partners, Please find attached and distribute to your members and partners a memo from Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, titled “What We Urge You To Do To Protect Against The Threat of Ransomware.” Partners can find more information on …

FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities – June 1, 2021

Critical Infrastructure Colleagues and Partners, The Federal Bureau of Investigation (FBI) has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat (APT) actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may exploit these vulnerabilities to gain initial access to multiple government, commercial, and technology …

CISA Releases Supplemental Direction Version 2 to Emergency Directive 21-02 – April 13, 2021

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities. Critical Infrastructure Colleagues and Partners, Today, the Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA) issued supplemental direction version 2 (https://cyber.dhs.gov/ed/21-02/#supplemental-direction-v2) to Emergency Directive (ED) 21-02 requiring federal agencies to apply the Microsoft April 2021 update to all affected Exchange …

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities – April 5, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (https://www.ic3.gov/Media/News/2021/210402.pdf) (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379), CVE-2020-12812 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12812), and CVE-2019-5591 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591). APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access …

CISA Insights: National Supply Chain Integrity Month – April 1, 2021

In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global …

CISA Insights: COVID-19 Vaccination Hesitancy within the Critical Infrastructure – Mar 18, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) released the CISA Insights: COVID-19 Vaccination Hesitancy within the Critical Infrastructure (https://www.cisa.gov/insights). It provides an overview of COVID-19 vaccination hesitancy and steps that critical infrastructure owners and operators can take to reduce the risk and encourage vaccine acceptance across their critical sectors’ workforce. COVID-19 vaccination hesitancy within the …

Updates on Microsoft Exchange Server Vulnerabilities: New Tool Available + Seven Malware Analysis Reports – Mar 16, 2021

Microsoft has released the EOMT.ps1 tool that can automate portions of both the detection and patching process and help your organization check for indicators of compromise (IOCs) by running the Microsoft IOC Detection Tool for Exchange Server Vulnerabilities. In addition, CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server …

FBI-CISA Joint Advisory Plus Two Additional Important Cyber Notices – Mar 10, 2021

CISA is rolling up three important notices with this message: 1) Release of the Joint FBI-CISA Cybersecurity Advisory on Compromise of Microsoft Exchange Server, 2) a Product Specific Vulnerability Alert on F5’s BIG-IP and BIG-IQ devices, and 3) Updates on Recommended Short-Term Remediation of Supply Chain Compromise. Although some information in the latter two notices …