Resource Type: Advisory


Top Routinely Exploited Vulnerabilities

This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).

Shutterstock 1612695883

Understanding LockBit

Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government, emergency services, healthcare, manufacturing, and transportation.

Shutterstock 2068258154

Guide To Securing Remote Access Software

This guide overviews common exploitations and associated tactics, techniques, and procedures (TTPs) malicious actors to leverage, rendering these businesses exposed and vulnerable. It also includes recommendations to IT, OT, and ICS professionals and organizations on best practices for using remote capabilities and detecting and defending against malicious actors abusing this software.


Forecasting & Scenario Planning

How effectively is your business converting revenue into free cash flow? This measurement is the definition of business value.

Ransomware, ,close,up,of,your,files,are,encrypted,on

CISA Ransomware Guide

Ransomware incidents can severely impact business processes and leave organizations without the data to operate and deliver mission-critical services.


Federal Joint Statement on Crypto Asset Risks

The past year’s events have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector. These events highlight a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware.

Concept,of,danger.,metal,bear,trap.,business Trick.,3d,illustration

Threat Hunter Handbook

Threat hunting provides a second level of defense to address gaps in the overall cybersecurity architecture by finding and disrupting attackers that evaded the organization’s automated defenses.


DoD Zero Trust Strategy

Our adversaries are in our networks, exfiltrating our data and exploiting the Department’s users. To adapt and significantly improve our deterrence strategies, this never trust, always-verify mindset requires us to take responsibility for the security of our devices, applications, assets, and services; users are granted access to only the data they need when needed.


China Cyberspace Administration Measures

Companies domiciled outside China that directly collect and process the personal information of individuals residing in China in a cross-border manner are subject to the extraterritorial application of the PIPL.


Mapping Ransomware Payment Ecosystem

Central to mitigating ransomware threats is developing an understanding of the actors, stakeholders, processes, and information.