Original release date: July 19, 2021
This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9, and MITRE D3FEND™ framework, version 0.9.2-BETA-3. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques and the D3FEND framework for referenced defensive tactics and techniques.
The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII). Some target sectors include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China’s long-term economic and military development objectives.
This Joint Cybersecurity Advisory (CSA) provides information on tactics, techniques, and procedures (TTPs) used by Chinese state-sponsored cyber actors. This advisory builds on previous NSA, CISA, and FBI reporting to inform federal, state, local, tribal, and territorial (SLTT) government, CI, DIB, and private industry organizations about notable trends and persistent TTPs through collaborative, proactive, and retrospective analysis.
To increase the defensive posture of their critical networks and reduce the risk of Chinese malicious cyber activity, NSA, CISA, and FBI urge government, CI, DIB, and private industry organizations to apply the recommendations listed in the Mitigations section of this advisory and in Appendix A: Chinese State-sponsored Cyber Actors’ Observed Procedures. Note: NSA, CISA, and FBI encourage organization leaders to review CISA Joint Insights: Chinese Malicious Cyber Activity: Threat Overview for Leaders for information on this threat to their organization.
Click here for a PDF version of this report.
07/19/2021 07:00 AM EDT
07/19/2021 07:23 AM EDT
Have you seen the latest coronavirus Delta variant numbers? That rise in cases means one thing for sure: Your employees aren’t returning to their cubicles anytime soon.
In businesses and homes, email is still a necessity for communication. But which email client is the best to use? You might be surprised to find out that it’s not Microsoft Outlook.
IT and OT environments are increasing targets and threat actors are using Dark Web forums to launch cybercrimes, according to Accenture’s 2021 Cyber Threat Intelligence report.
Microsoft Linux has arrived, but it’s not what you imagined. Jack Wallen shares his take on this new arrival called CBL-Mariner and even shows you how to build it.
Original release date: July 21, 2021
As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports (MARs) for threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) and to review CISA’s Alert Exploitation of Pulse Connect Secure Vulnerabilities for more information.
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
Original release date: July 21, 2021
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
Commentary: DuckDuckGo is small by Google’s standards, but the company is proving it’s very possible to make a lot of money with just a bit more privacy.