CISA Cybersecurity Alerts

Flash cybersecurity advisories from the US Government. These alerts provide timely technical and operational information, indicators of compromise, and mitigations for current major security threats, vulnerabilities, and exploits. These alerts have been edited and adapted for audio by The CyberWire as a public service.

Trailer

Recent Episodes

Ep 32 | 9.22.22

CISA Alert AA22-265A – Control system defense: know the opponent.

This alert builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. The alert documentation linked in the show notes describes TTPs that malicious actors use to compromise OT/ICS assets. It also recommends mitigations that owners and operators can use to defend their systems from each of the listed TTPs. NSA and CISA encourage OT and ICS owners and operators to apply the recommendations in this documentation.

Transcript

Ep 31 | 9.22.22

CISA Alert AA22-264A – Iranian state actors conduct cyber operations against the government of Albania.

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. An FBI investigation indicates Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack, which included a ransomware-style file encryptor and disk wiping malware.

Transcript

Ep 30 | 9.15.22

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations.

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations.

Transcript

Ep 29 | 9.6.22

CISA Alert AA22-249A – #StopRansomware: Vice Society.

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center, or MS ISAC, are releasing this advisory to disseminate indicators of compromise and TTPs associated with Vice Society actors and their ransomware campaigns. The FBI, CISA, and the MS-ISAC have recently observed Vice Society actors disproportionately targeting the education sector with ransomware attacks.

Transcript

Ep 28 | 8.17.22

CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite.

CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.

Transcript

Schedule: Ad Hoc

Credits: Alert sources include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA). Technical Editor is Brandon Karpf, Producer is Jennifer Eiben, Audio Engineering, Editing and original music by Elliott Peltzman.

Social Media:

Creator: CyberWire, Inc.