#StopRansomware: Black Basta

May 10, 2024 at 04:13PM
The joint Cybersecurity Advisory (CSA) pertains to Black Basta, a ransomware variant targeting critical infrastructure, particularly the Healthcare and Public Health (HPH) Sector. Affiliates use phishing and exploitation of vulnerabilities for initial access, employ a double-extortion model, and conduct data exfiltration prior to encryption. The CSA provides TTPs, IOCs, and mitigations …

US Government Issues New DDoS Mitigation Guidance

March 22, 2024 at 09:54AM
CISA, FBI, and MS-ISAC have issued updated joint guidance on defending against DoS and DDoS attacks. The guidance categorizes attacks, provides mitigation recommendations, and outlines differences between DoS and DDoS attacks. Organizations are advised to conduct risk assessments, implement network monitoring, and activate incident response plans to minimize potential damage …

U.S. State Government Network Breached via Former Employee’s Account

February 16, 2024 at 03:03AM
The US CISA reported a state government network compromise due to a former employee’s admin account. The threat actor gained access via a virtual private network and obtained credentials from a separate breach. The incident highlighted the lack of multi-factor authentication and the need to secure privileged accounts. The attackers …

How States Help Municipalities Build Their Cyber Defenses

December 20, 2023 at 08:00AM
Michael Gregg, CISO for North Dakota, discusses leveraging grants to reduce cyber insurance costs for municipalities. The US Infrastructure Investment and Jobs Act enables states to enhance cybersecurity through the State and Local Cybersecurity Grant Program. Connecticut’s CISO, Jeff Brown, emphasizes the importance of collaboration and support to improve cybersecurity …

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 at 08:12AM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida …

US Government Releases Anti-Phishing Guidance

October 19, 2023 at 08:42AM
The US cybersecurity agency CISA, along with the NSA, FBI, and MS-ISAC, has released a joint guide on phishing techniques. Threat actors use social engineering to trick victims into revealing their credentials or visiting malicious websites. To mitigate credential theft phishing, organizations are advised to implement strong multi-factor authentication and …

CISA, FBI urge admins to patch Atlassian Confluence immediately

October 16, 2023 at 11:08AM
CISA, FBI, and MS-ISAC have issued a warning to network administrators to immediately patch their Atlassian Confluence servers due to a critical privilege escalation flaw (CVE-2023-22515) that is actively being exploited. The flaw affects Confluence Data Center and Server 8.0.0 and later versions. Atlassian has released security updates and advised …