Category: alerts

Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical… Read more

A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords. Read more

The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers. Read more

The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities. Read more

Original release date: March 17, 2021 CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders… Read more

Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot… Read more

Original release date: March 17, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that… Read more

Original release date: March 16, 2021 Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates.… Read more

A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices. Read more

Public proof-of-concept (PoC) exploits for ProxyLogon could be fanning a feeding frenzy of attacks even as patching makes progress. Read more