• CTA: A Trusted Environment

    The Cyber Threat Alliance (CTA) Sharing Model relies on our organization’s status as a trusted environment for all of our private-sector members, as well as public sector and civil society partners. That trust also allows us to do so much more. The fact that all of CTA’s private-sector members have access to the same shared… View Article
  • Incident Response Blog: Exploitation of Microsoft Exchange Vulnerabilities

    During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a number of Microsoft Exchange product versions. Ongoing and escalating exploitation… View Article
  • Incident Response Blog: SUNBURST / SolarWinds

    On December 13, FireEye and Microsoft released information regarding a newly discovered nation-state campaign actors leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize their software updates and gain access to SolarWinds’… View Article