US-CERT Alerts

CISA Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Author: CISA
Posted: August 12, 2020, 1:49 pm
Original release date: August 12, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

For a downloadable copy of IOCs, see STIX file.

Technical Details

CISA analysts observ...


Read More

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Author: CISA
Posted: July 27, 2020, 12:20 pm
Original release date: July 27, 2020 | Last revised: August 6, 2020

Summary

This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.  

All QNAP NAS devices are potentially vulnerable to QSnatch malware if ...


Read More

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Author: CISA
Posted: July 24, 2020, 10:59 am
Original release date: July 24, 2020

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are an attractive target for malicious actors. Affected organizations that have not applied the patch to fix this critical remote code execution (RCE) vul...


Read More

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Author: CISA
Posted: July 23, 2020, 2:29 pm
Original release date: July 23, 2020

Summary

Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations.

Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity against critical infrastructure (CI) by exploiting internet-accessible operati...


Read More

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Author: CISA
Posted: July 16, 2020, 12:09 pm
Original release date: July 16, 2020

Summary

This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques.

Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location. Because threat actors ...


Read More