Threats

Note: Most of my rss feeds on this page are currently broken. Sorry about that. Please consider the “Threats” section under construction for now.

Department of State

The Dept of State has several threat rss feeds, but they aren’t always up.

DHS

Threat information from the Department of Homeland Security (DHS), including the National Terrorism Advisory System and Cybersecurity alerts.

National Terrorism Advisory System (NTAS) Alerts

    Feed has no items.

Cybersecurity

  • AA22-265A: Control System Defense: Know the Opponent
    by CISA on September 22, 2022 at 12:55 pm

    Original release date: September 22, 2022SummaryTraditional approaches to securing OT/ICS do not adequately address current threats. Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems manage physical operational processes, cyber actors’ operations could result in physical consequences, including loss of life, property damage, and disruption of National Critical Functions. OT/ICS devices and designs are publicly available, often incorporate vulnerable information technology (IT) components, and include external connections and remote access that increase their attack surfaces. In addition, a multitude of tools are readily […]

  • AA22-264A: Iranian State Actors Conduct Cyber Operations Against the Government of Albania
    by CISA on September 21, 2022 at 5:00 pm

    Original release date: September 21, 2022 | Last revised: September 23, 2022SummaryThe Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory to provide information on recent cyber operations against the Government of Albania in July and September. This advisory provides a timeline of activity observed, from initial access to execution of encryption and wiper attacks. Additional information concerning files used by the actors during their exploitation of and cyber attack against the victim organization is provided in Appendices A and B. In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. A FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the […]

  • AA22-257A: Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
    by CISA on September 14, 2022 at 3:00 pm

    Original release date: September 14, 2022SummaryActions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory (CSA) is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S. Cyber Command (USCC) - Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC) to highlight continued malicious cyber activity by advanced persistent threat (APT) actors that the authoring agencies assess are affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC). Note: The IRGC is an Iranian […]

  • AA22-249A: #StopRansomware: Vice Society
    by CISA on September 6, 2022 at 1:00 pm

    Original release date: September 6, 2022 | Last revised: September 8, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize and remediate known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State […]

  • AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
    by CISA on August 16, 2022 at 3:38 pm

    Original release date: August 16, 2022 | Last revised: August 29, 2022SummaryActions for ZCS administrators to take today to mitigate malicious cyber activity: • Patch all systems and prioritize patching known exploited vulnerabilities. • Deploy detection signatures and hunt for indicators of compromise (IOCs). • If ZCS was compromised, remediate malicious activity. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are publishing this joint Cybersecurity Advisory (CSA) in response to active exploitation of multiple Common Vulnerabilities and Exposures (CVEs) against Zimbra Collaboration Suite (ZCS), an enterprise cloud-hosted collaboration software and email platform. CVEs currently being exploited against ZCS include: CVE-2022-24682 CVE-2022-27924 CVE-2022-27925 chained with CVE-2022-37042 CVE-2022-30333 Cyber threat actors may be targeting unpatched ZCS instances in both government and […]

  • AA22-223A: #StopRansomware: Zeppelin Ransomware
    by CISA on August 11, 2022 at 4:00 pm

    Original release date: August 11, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin […]

  • AA22-216A: 2021 Top Malware Strains
    by CISA on August 4, 2022 at 6:10 pm

    Original release date: August 4, 2022 | Last revised: August 25, 2022SummaryImmediate Actions You Can Take Now to Protect Against Malware: • Patch all systems and prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication (MFA). • Secure Remote Desktop Protocol (RDP) and other risky services. • Make offline backups of your data. • Provide end-user awareness and training about social engineering and phishing. This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC).This advisory provides details on the top malware strains observed in 2021. Malware, short for “malicious software,” can compromise a system by performing an unauthorized function or process. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. Some examples of malware include viruses, worms, Trojans, […]

  • AA22-187A: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
    by CISA on July 6, 2022 at 2:00 pm

    Original release date: July 6, 2022 | Last revised: July 7, 2022SummaryThe Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations. This joint CSA provides information—including tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs)—on Maui ransomware obtained from FBI incident response activities and industry analysis of a Maui sample. The FBI, CISA, and Treasury urge HPH Sector organizations as well as other critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA to reduce the likelihood of compromise from ransomware operations. Victims of Maui ransomware should report the […]

  • AA22-181A: #StopRansomware: MedusaLocker
    by CISA on June 30, 2022 at 5:00 pm

    Original release date: June 30, 2022 | Last revised: August 11, 2022SummaryActions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and […]

  • AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
    by CISA on June 23, 2022 at 5:00 pm

    Original release date: June 23, 2022 | Last revised: July 18, 2022SummaryActions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. • Minimize the internet-facing attack surface by hosting essential services on a segregated demilitarized (DMZ) zone, ensuring strict network perimeter access controls, and implementing regularly updated web application firewalls (WAFs) in front of public-facing services The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware […]

DOJ and FBI

Information from the Department of Justice (DOJ) and the FBI focused on federal law enforcement, significant cases in the news, and other alerts.

FBI Top Stories

Kidnappings and Missing Persons

    Feed has no items.

FBI Intelligence

    Feed has no items.