The Cybersecurity and Infrastructure Security Agency (CISA) is pleased to announce the updated Fire as a Weapon Action Guide to better understand the threats of fire as a weapon and help mitigate future attacks. In this action guide, CISA compiled notable events within the past year to capture the increased incidents of arson and incendiary…

CISA is offering free training geared toward Critical Infrastructure owners/operators designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. These 10 day trainings run from 9:00am-6:00pm CST. For more information regarding these trainings, visit the following link:

CISA has developed no-cost cybersecurity incident response training for government employees and contractors across Federal, State, Local, and is open to educational and critical infrastructure partners.  This can be supplemental to other training resources that are available. Incident Response Training: Identify, Mitigate, Recover (IMR) series: To support the capacity of our nation’s cyber enterprise to…

Partners, In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen…

CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities (TLP:WHITE)   CISA has released (TLP:WHITE) Current Activity: CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities. CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening…

  The TVTP Grant Program seeks to provide funding to applications that align with these objectives and that protect privacy, civil rights, and civil liberties. Applicants are required to conduct a rigorous needs assessment to outline what resources are already available in their area and what gaps need to be filled. All projects have required…

  The Cybersecurity and Infrastructure Security Agency (CISA) released its next National Emergency Communications Plan (NECP) Spotlight: Leveraging Mobile Applications to Bolster Emergency Alerts and Warnings cisa.gov/necp.   This is the fourth Spotlight in a series of articles designed to demonstrate how the NECP’s recommendations apply within real-world events. This Spotlight examines three different mobile…

  CISA has published two TLP:WHITE Malware Analysis Reports (MARs) associated with Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities (TLP:WHITE); details are provided below.   MAR-10329496-1.v1: China Chopper Webshell https://us-cert.cisa.gov/ncas/analysis-reports/ar21-084a MAR-10329499-1.v1: China Chopper Webshell https://us-cert.cisa.gov/ncas/analysis-reports/ar21-084b   V/r,

Critical Infrastructure Colleagues and Partners,   CISA has released the CISA Hunt and Incident Response Program (CHIRP) – a forensics collection capability – to assist network defenders with detecting activity related to the supply chain compromises affecting SolarWinds and Active Directory/Microsoft 365.   CHIRP is an open source project and is freely available to all…

Due to the overwhelming response in the number of individuals that have registered for our April 20, 2021, New Mexico Tech Counter-UAS Training Course, we are now hosting a second training course on April 27 to allow maximum participation.  Registration for the April 27 course is below and attached. The Cybersecurity and Infrastructure Security Agency,…