Anonymous ID: f0f174 Oct. 14, 2020, 10:40 a.m. No.11068760

>>11068630

>https://www.cisa.gov/sites/default/files/publications/PSA_CyberThreats_Final-508.pdf

Q IF WE PULL ALL [1] MARKERS IS THAT OUR FOCUS?

 

Seems like it's Planned Parenthood, Media, No-Name type posts…

Anonymous ID: f0f174 Oct. 14, 2020, 10:51 a.m. No.11068978

Victim Reporting and Additional Information

The FBI and CISA encourage the public to report information concerning suspicious or criminal activity to their local FBI field office (www.fbi.gov/contact-us/field). For additional assistance to include: common terms and best practices, such as media literacy, please visit the following websites:

• Protected Voices: www.fbi.gov/investigate/counterintelligence/foreign-influence/protected-voices;

• Election Crimes and Security: www.fbi.gov/scams-and-safety/common-scams-and-crimes/election-crimes-and-security; and

• #Protect2020: www.cisa.gov/protect2020.

Anonymous ID: f0f174 Oct. 14, 2020, 10:54 a.m. No.11069042

LOCAL TECH ADMINS MUST PATCH SOFTWARE

 

Some common tactics, techniques, and procedures (TTPs) used by APT actors include leveraging legacy network access and virtual private network (VPN) vulnerabilities in association with the recent critical CVE-2020-1472 Netlogon vulnerability. CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks. To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding.

 

After gaining initial access, the actors exploit CVE-2020-1472 to compromise all Active Directory (AD) identity services. Actors have then been observed using legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to access the environment with the compromised credentials. Observed activity targets multiple sectors and is not limited to SLTT entities.

 

CISA recommends network staff and administrators review internet-facing infrastructure for these and similar vulnerabilities that have or could be exploited to a similar effect, including Juniper CVE-2020-1631, Pulse Secure CVE-2019-11510, Citrix NetScaler CVE-2019-19781, and Palo Alto Networks CVE-2020-2021 (this list is not considered exhaustive).

 

https://us-cert.cisa.gov/ncas/alerts/aa20-283a