Major Incidents

Incident Response Blog: Cyber Incidents in Ukraine

As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. government has warned organizations to prepare for any cyber…

Major Incidents

Incident Response Blog: Log4j

A zero-day vulnerability (CVE-2021-44228) has been discovered in Apache Log4j. Apache Log4j is a java-based logging utility. It is widely used in cloud and enterprise software services. Exploit code has been shared publicly and multiple actors are attempting to exploit the vulnerability. The vulnerability has the potential to allow…

Major Incidents

Incident Response Blog: REvil Ransomware Campaign Targeting Kaseya VSA Customers

On Friday, 2 July, CTA members became aware of a ransomware campaign targeting Kaseya’s VSA product. VSA is used by Managed Service Providers (MSPs) to monitor and manage information technology for their clients, provide automation, and assist with software patch management. In this incident, an affiliate of REvil leveraged a…

Major Incidents

Incident Response Blog: Exploitation of Microsoft Exchange Vulnerabilities

During recent weeks, cybersecurity providers, businesses, governments, and other organizations have been responding to the publicization of four zero-day vulnerabilities affecting Microsoft Exchange Servers (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). On March 2, Microsoft released emergency, out-of-band security updates to address these vulnerabilities, which affect a…

Major Incidents

Incident Response Blog: SUNBURST / SolarWinds

On December 13, FireEye and Microsoft released information regarding a newly discovered nation-state campaign actors leveraging access to the SolarWinds Orion Platform. The SolarWinds Orion Platform is used for IT infrastructure management in many government agencies and corporate networks. Nation-state actors compromised the SolarWinds supply chain to trojanize…

Best Practices

CTA Embarks on Year #2: Enhancing our Operational Collaboration

CTA was absolutely thrilled to have recently celebrated our first anniversary just a few weeks ago during the RSA Conference. We highlighted strong growth in membership, in staff, and in the amount of cyber threat information we shared at machine speed on a daily basis. Our first year…