The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers.
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released Joint Cybersecurity Advisory (CSA): Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.
(Updated July 2, 2021) For new information and mitigations, see Microsoft's updated guidance for the Print spooler vulnerability (CVE-2021-34527).
(Updated July 1, 2021) See Microsoft's new guidance for the Print spooler vulnerability (CVE-2021-34527) and apply the necessary workarounds.
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.
CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates.