01/11/2022 LIFARS ALERT: CISA, FBI, and NSA Cybersecurity Advisory: Mitigating Russian State Sponsored Cyber Threat –DOWNLOAD PDF HERE
12/14/2021 LIFARS ALERT iPhone Security Vulnerability: The iOS 15.2 update fixes 42 serious security vulnerabilities. Update as soon as possible before attackers strike. Update details: https://lifa.rs/iosupdatealert
12/13/2021 LIFARS ALERT: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation. Review the Apache Log4j 2.15.0 Announcement HERE. Upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
12/8/2021 LIFARS SMS ALERT: SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. View SonicWall Advisory
12/3/2021 LIFARS SMS ALERT TLP: WHITE FBI and CISA warning APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk DOWNLOAD PDF HERE
11/22/2021 LIFARS SMS ALERT – FBI, CISA, and CGCYBER have reports of malicious cyber actors using exploits against CVE-2021-40539 to gain access to ManageEngine ADSelfService Plus DOWNLOAD PDF HERE
11/19/2021 LIFARS SMS ALERT TLP:WHITE – FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug. Zero-day vulnerability enables a remote attacker to upload a file to any location on the filesystem on an affected device: https://lifa.rs/fbiflashalert
11/16/2021 LIFARS SMS ALERT: Chrome vulnerabilities have been discovered. Google has released Chrome version 96.0.4664.45 This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Upgrade now.
11/14/2021 LIFARS SMS ALERT FBI Update – A software misconfiguration temporarily allowed an actor to leverage the Law Enforcement Enterprise Portal (LEEP) to send fake emails: https://lifa.rs/fbibreechupdate
11/13/2021 LIFARS SMS ALERT: FBI Server hack. Beware of emails impersonating FBI warnings that your network was breached. Messages may come from: “email@example.com” Subject: “Urgent: Threat actor in systems.” Email IP address 22.214.171.124 (mx-east-ic.fbi.gov)
10/19/2021 ALERT TLP WHITE This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware. BlackMatter ransomware has targeted multiple U.S. critical infrastructure entities, including two U.S. Food and Agriculture Sector organizations. DOWNLOAD PDF HERE
9/16/2021 ALERT TLP WHITE This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. DOWNLOAD PDF HERE
9/03/2021 Alert TLP WHITE- The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends when offices are normally closed in the United States, as recently as the Fourth of July holiday in 2021. DOWNLOAD PDF HERE
8/30/2021 Alert TLP GREEN- The United States Secret Service continues to see a sharp rise in Business Email Compromise (BEC) incidents – both successful attacks and thwarted attempts – across all sectors of business and industry. From 2019 to present, the U.S. Secret Service has seen the frequency of reported BEC incidents increase. Particularly, due to several underlying factors, the Real Estate industry has been hit hard in several different ways. DOWNLOAD PDF HERE