AA22-152A: Karakurt Data Extortion Group
Original release date: June 1, 2022 | Last revised: June 2, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enforce multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), […]
AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Original release date: June 7, 2022 | Last revised: June 10, 2022 Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber […]
AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Original release date: June 23, 2022 | Last revised: June 24, 2022 Summary Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware […]
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Original release date: April 20, 2022 | Last revised: May 9, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide […]
AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
Original release date: April 27, 2022 | Last revised: April 28, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre […]
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security […]