The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise

Since December 2020, CISA has been responding to a significant cybersecurity incident involving an advanced persistent threat (APT) actor targeting networks of multiple U.S. government agencies, critical infrastructure entities, and private sector organizations. The APT actor added malicious code to multiple versions of the SolarWinds Orion platform and leveraged it—as well as other techniques, including—for initial access to enterprise networks.

CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities

CISA has published a Remediating Microsoft Exchange Vulnerabilities web page that strongly urges all organizations to immediately address the recent Microsoft Exchange Server product vulnerabilities. As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises organizations follow the guidance laid out in the web page. The guidance provides specific steps for both leaders and IT security staff and is applicable for all sizes of organizations across all sectors.

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.

Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities

Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021.

Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities

CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange server vulnerabilities with additional detailed mitigations. 

Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS

The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishing, botnet, and malware campaigns by blocking known-malicious domains. Additionally organizations can use DNS query logs for incident response and threat hunting activities.