ms-isac - X-Industry - Red Sky Alliance
2024-03-28T21:57:58Z
https://redskyalliance.org/xindustry/feed/tag/ms-isac
Current DDoS Attacks
https://redskyalliance.org/xindustry/current-ddos-attacks
2024-03-25T12:00:00.000Z
2024-03-25T12:00:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}12403473466,RESIZE_930x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}12403473466,RESIZE_400x{{/staticFileLink}}" width="250" alt="12403473466?profile=RESIZE_400x" /></a>The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint distributed denial-of-service (DDoS) attack guidance for federal, state, local, tribal, and territorial government entities to serve as a comprehensive resource to address the specific needs and challenges faced by government agencies in defending against DDoS attacks.</p>
<p>Distributed denial-of-service attacks typically originate from multiple sources, which makes them difficult to trace and makes it hard to effectively block the attacking internet protocol (IP) addresses. This guide provides an overview of the denial-of-service (DoS) and DDoS landscapes, including attack types, motivations, and potential impacts on government operations, as well as practical steps for implementing preventative measures and incident response for each of the defined DDoS and DoS technique types. Additionally, it highlights why it is important for organizations to focus their planning efforts on emerging DDoS trends and technologies to better defend against malicious DDoS activity.</p>
<p>Link to full report: <a href="{{#staticFileLink}}12403473461,original{{/staticFileLink}}">Understanding and Responding to Distributed Denial-of-Service Attacks_508c.pdf</a></p>
<p><em>This article is shared at no charge for educational and informational purposes only.</em></p>
<p>Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com </p>
<p>Weekly Cyber Intelligence Briefings:</p>
<ul>
<li>Reporting: <a href="https://www.redskyalliance.org/">https://www.redskyalliance.org/</a></li>
<li>Website: <a href="https://www.redskyalliance.com/">https://www.redskyalliance.com/</a></li>
<li>LinkedIn: <a href="https://www.linkedin.com/company/64265941">https://www.linkedin.com/company/64265941</a></li>
</ul>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<p><a href="https://attendee.gotowebinar.com/register/5993554863383553632">https://attendee.gotowebinar.com/register/5993554863383553632</a></p>
</div>
New #StopRansomware Guide
https://redskyalliance.org/xindustry/new-stopransomware-guide
2023-05-25T16:10:00.000Z
2023-05-25T16:10:00.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}11147225465,RESIZE_400x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}11147225465,RESIZE_400x{{/staticFileLink}}" alt="11147225465?profile=RESIZE_400x" width="250" /></a>On 23 May 2023, US authorities, namely CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), published an updated version of the #StopRansomware Guide. Ransomware actors have accelerated their tactics and techniques since the guide's initial release in 2020, and this guide will help with cyber prevention. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.<a href="#_ftn1">[1]</a></p>
<table width="100%">
<tbody>
<tr>
<td>
<p><strong>This guide was developed through the US Joint Ransomware Task Force (JRTF).</strong></p>
<p><em>The JRTF, co-chaired by CISA and FBI, is an interagency, collaborative effort to combat the growing threat of ransomware attacks. The JRTF was launched in response to a series of high-profile ransomware attacks on US critical infrastructure and government agencies.</em></p>
<p><em>The JRTF:</em></p>
<p><em>• Coordinates and streamlines the US Government's response to ransomware attacks and facilitates information sharing and collaboration between government agencies and private sector partners.</em></p>
<p><em>• Ensures operational coordination for activities such as developing and sharing best practices for preventing and responding to ransomware attacks, conducting joint investigations and operations against ransomware threat actors, and providing guidance and resources to organizations that have been victimized by ransomware.</em></p>
<p><em>• Represents a significant step forward in enabling unity of effort across the US Government's efforts to address the growing threat of ransomware attacks.</em></p>
</td>
</tr>
</tbody>
</table>
<p>The #StopRansomware Guide<a href="#_ftn2">[2]</a> serves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov.</p>
<p>This joint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA's newly launched Joint Ransomware Task Force (JRTF) webpage.</p>
<p>Weekly Cyber Intelligence Briefings:</p>
<p>REDSHORTS - Weekly Cyber Intelligence Briefings</p>
<ul>
<li><a href="https://attendee.gotowebinar.com/register/5504229295967742989">https://attendee.gotowebinar.com/register/5504229295967742989</a></li>
</ul>
<p><a href="#_ftnref1">[1]</a> <a href="https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf">https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf</a></p>
<p><a href="#_ftnref2">[2]</a> <a href="https://www.cisa.gov/resources-tools/resources/stopransomware-guide">https://www.cisa.gov/resources-tools/resources/stopransomware-guide</a></p></div>
Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution
https://redskyalliance.org/xindustry/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-ex
2020-02-21T17:41:21.000Z
2020-02-21T17:41:21.000Z
Bill Schenkelberg
https://redskyalliance.org/members/BillSchenkelberg
<div><p><a href="{{#staticFileLink}}3887263688,RESIZE_710x{{/staticFileLink}}"><img class="align-left" src="{{#staticFileLink}}3887263688,RESIZE_710x{{/staticFileLink}}" alt="3887263688?profile=RESIZE_710x" width="276" /></a>From our friends at the US Multi-State (MS)-ISAC:</p>
<p><strong>OVERVIEW </strong>Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for arbitrary code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.</p>
<p>Link to full MS-ISAC report and IOCs: <a href="{{#staticFileLink}}3887344169,original{{/staticFileLink}}">TR-20-052-001_PHP_ Abitrary Code Execution_02202020.pdf</a></p></div>