Alerts & Advisories

TTCSIRT-364.10.02.20: TT-CSIRT ADVISORY – Remote Access Trojan: SLOTHFULMEDIA

The malware variant, known as SlothfulMedia, has been used by a sophisticated cyber actor. CISA and CNMF are distributing this MAR to enable network defense and reduced exposure to malicious…

TTCSIRT-363.09.25.20: TT-CSIRT ADVISORY – LokiBot Malware

There has been a notable increase in the use of LokiBot malware by malicious cyber actors since July 2020. Throughout this period, CISA’s EINSTEIN Intrusion Detection System has detected persistent…

TTCSIRT-362.09.25.20: TT-CSIRT ADVISORY – Cisco Security Updates

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Administrators are encouraged to…

TTCSIRT-361.09.25.20: TT-CSIRT ADVISORY – Apple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators need…

TTCSIRT-360.09.15.20: TT-CSIRT ADVISORY – Iran-Based Threat Actor Exploits VPN Vulnerabilities

An analysis of the threat actor’s indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) indicates a correlation with the group known by the names Pioneer Kitten and UNC757. This…

TTCSIRT-359.09.15.20: TT-CSIRT ADVISORY – Netlogon Remote Protocol Vulnerability

There is publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an…
