Author: DEFENDEDGE

  • AA21-077A: Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool

    Original release date: March 18, 2021 Summary This Alert announces the CISA Hunt and Incident Response Program (CHIRP) tool. CHIRP is a forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with activity detailed in the following CISA Alerts: AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical… Read more

  • Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data

    A glitch in Zoom’s screen-sharing feature shows parts of presenters’ screens that they did not intend to share – potentially leaking emails or passwords. Read more

  • Tutor LMS for WordPress Open to Info-Stealing Security Holes

    The popular learning-management system for teacher-student communication is rife with SQL-injection vulnerabilities. Read more

  • Cisco Plugs Security Hole in Small Business Routers

    The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers. Read more

  • Do you have OPSEC?

    Do you have OPSEC? When organizations are finding ways to harden their networks and meet cybersecurity compliance standards, Operations Security or “OPSEC”is not a concern that always comes to mind. But this oversight can have disastrous consequences and spell financial ruin for your company. Organizations should consider OPSEC as their first layer of security. Our U.S.… Read more

  • TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise

    Original release date: March 17, 2021 CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations. This information will assist network defenders… Read more

  • AA21-076A: TrickBot Malware

    Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spearphishing campaigns using TrickBot… Read more

  • CISA-FBI Joint Advisory on TrickBot Malware

    Original release date: March 17, 2021 CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that… Read more

  • Microsoft Releases Exchange On-premises Mitigation Tool

    Original release date: March 16, 2021 Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: “[the tool is intended] to help customers who do not have dedicated security or IT teams to apply these security updates.… Read more

  • Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

    A new Mirai variant is targeting known flaws in D-Link, Netgear and SonicWall devices, as well as newly-discovered flaws in unknown IoT devices. Read more