Major Incidents
As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber… Read More
Major Incidents
A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j. Apache Log4j is a Java-based logging utility. It is widely used in cloud and enterprise software services. Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. The vulnerability has the potential to allow… Read More
CTA News
When you read superhero comics, you know something exciting is going to happen when you get an issue with a milestone number, like 100, 250, or 500. Those anniversary issues are always giant-sized and start or end a huge storyline (like Amazing Spider-Man #300, when Venom first appears and Spidey… Read More
Major Incidents
On Friday, 2 July, CTA members became aware of a ransomware campaign targeting Kaseya’s VSA product. VSA is used by Managed Service Providers (MSPs) to monitor and manage information technology for their clients, provide automation, and assist with software patch management. In this incident, an affiliate of REvil leveraged a… Read More
CTA News
The Cyber Threat Alliance (CTA) released our first threat assessment focusing on the 2020 Summer Olympics in Tokyo way back in February 2020. Around the release date, we were seeing stories of a novel coronavirus beginning to spread. Some of us were starting to get concerned about it here in… Read More
CTA News
The Cyber Threat Alliance (CTA) Sharing Model relies on our organization’s status as a trusted environment for all of our private-sector members, as well as public sector and civil society partners. That trust also allows us to do so much more. The fact that all of CTA’s private-sector… Read More
Major Incidents
During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a… Read More
Major Incidents
On December 13, FireEye and Microsoft released information regarding a newly discovered campaign by nation-state actors leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize… Read More
CTA News
At the heart of the Cyber Threat Alliance (CTA) is a commitment to improve cybersecurity defenses across the global information ecosystem. Our sharing of automated threat intelligence and collective engagement on unique cyber threats are critical aspects of this mission. Over time, CTA’s early sharing program has grown to be… Read More
CTA News
This blog is authored by Neil Jenkins (CTA) and Kendall McKay (Cisco Talos, and lead author on the Threat Assessment). Today, the Cyber Threat Alliance (CTA) released the 2020 Summer Olympics Threat Assessment (updated April 2021), our first event-specific threat report focused on cyber risks to this… Read More