FBI Releases PIN on Ransomware Straining Local Governments and Public Services

03/31/2022 11:00 AM EDT

Original release date: March 31, 2022

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses.

CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations.
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Compiles Free Cybersecurity Services and Tools for Network Defenders

02/18/2022 10:00 AM EST

Original release date: February 18, 2022

CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. Before turning to the free offerings, CISA strongly recommends organizations take certain foundational measures to implement a strong cybersecurity program:

CISA encourages network defenders to take the measures above and consult the list of free cybersecurity services and tools to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Network Security Services

12/02/2021 05:41 PM EST

Original release date: December 2, 2021

Mozilla has released security updates to address a vulnerability in Network Security Services (NSS).  An attacker could exploit this vulnerability to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla Security Advisory for NSS and apply the necessary update. 

This product is provided subject to this Notification and this Privacy & Use policy.

NOBELIUM Attacks on Cloud Services and other Technologies

10/25/2021 02:44 PM EDT

Original release date: October 25, 2021

Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review [NOBELIUM targeting delegated administrative privileges to facilitate broader attacks] and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.