CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromise Federal Network

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) about suspected Iranian government-sponsored actors that compromised a federal civilian executive branch (FCEB) agency. The advisory, “Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester” provides information on their tactics, techniques, and procedures…

DHS/CISA Mass Gathering Security Planning Tool Available

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a new tool titled Mass Gathering Security Planning Tool that I wanted to share with you. This tool will provide event planners with a framework to begin or continue planning efforts for a mass gathering or special event, as well as key resources that will point…

DHS Virtual Instructor Led Training (VILT) Awareness Courses

The Office for Bombing Prevention (OBP) leads the Department of Homeland Security’s (DHS) efforts to implement the National Policy for Countering Improvised Explosive Devices (PDF) (National Counter-IED policy) and enhance the nation’s ability to prevent, protect against, respond to, and mitigate the use of explosives against critical infrastructure; the private sector; and federal, state, local, tribal, and territorial…

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

11/08/2022 10:57 AM EST. Original release date: November 8, 2022. CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.…

Cyber Training Bulletin – November and December

CSD Cyber Defense Education and Training (CDET) Offerings Highlights: What You Want to Know. CISA will host the 200th Industrial Control Systems Cybersecurity (301L) course on November 7th! This is a four-day, instructor-led, hands-on lab that is taught at a training facility in Idaho Falls, Idaho, USA.…

CISA, NSA, ODNI Announce New ESF Guidance for Software Suppliers/Vendors

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) partnered with industry and government experts under the Enduring Security Framework (ESF) to release Securing the Software Supply Chain Recommended Practices Guide for Suppliers and accompanying fact sheet. Software suppliers/vendors act as a…

CISA Kicks Off Infrastructure Security Month

The Cybersecurity and Infrastructure Security Agency (CISA) kicks off Infrastructure Security Month 2022. This November, CISA reminds everyone that Infrastructure Security is National Security: Together we can Drive Down Risk, Build Resilience. Keeping the nation’s critical infrastructure secure is a foundation of our national security. Critical infrastructure spans everything from healthcare, water, and education to chemical, transportation…

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication

The Cybersecurity and Infrastructure Security Agency (CISA) released two fact sheets to give IT leaders and network defenders an improved understanding of current threats against accounts and systems that use multifactor authentication (MFA), “Implementing Phishing-Resistant MFA” and “Implementing Number Matching in MFA Applications.” Because not all forms of MFA are equally secure, the…

CISA, FBI and MS-ISAC Release New Joint DDoS Guide

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, “Understanding and Responding to Distributed Denial-of-Service Attacks”, to provide organizations with proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. Although DDoS attacks are unlikely…

CISA Region 4 November Active Shooter Preparedness Workshop

THIS IS NOT A TACTICAL TRAINING COURSE. Tuesday, November 8, 2022, 1:00 p.m. EST (12:00 p.m. CST). The Cybersecurity and Infrastructure Security Agency (CISA), Region 4 (Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, and Tennessee) invites you to join a two-hour security webinar to enhance your organization’s resilience in case of an active…
