CISA Alerts

AA20-106A: Guidance on the North Korean Cyber Threat

Original release date: April 15, 2020 | Last revised: June 23, 2020

Summary

The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public. The advisory highlights …


AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

Original release date: April 8, 2020

Summary

This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease …


AA20-073A: Enterprise VPN Security

Original release date: March 13, 2020 | Last revised: April 15, 2020

Summary

As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options—or telework—require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As …


AA20-049A: Ransomware Impacting Pipeline Operations

Original release date: February 18, 2020

Summary

Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and Infrastructure Security Agency (CISA) encourages asset owner operators …


AA20-049A: Ransomware Impacting Pipeline Operations

Original release date: February 18, 2020 | Last revised: June 30, 2020

Summary

Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and ATT&CK for Industrial Control Systems (ICS) frameworks for all referenced threat actor techniques and mitigations. The Cybersecurity and Infrastructure Security …


AA20-031A: Detecting Citrix CVE-2019-19781

Original release date: January 31, 2020 | Last revised: February 18, 2020

Summary

Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitigations were released on the same day Citrix announced CVE-2019-19781, organizations that did not appropriately apply the mitigations …


AA20-020A: Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP

Original release date: January 20, 2020 | Last revised: January 27, 2020

Summary

Note: As of January 24, 2020, Citrix has released all expected updates in response to CVE-2019-19781.[1] On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0. On January 22, 2020, Citrix released security …


AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems

Original release date: January 14, 2020

Summary

New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. On January 14, 2020, Microsoft …
