This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).
Resource Type: Advisory
Understanding LockBit
Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government, emergency services, healthcare, manufacturing, and transportation.
Guide To Securing Remote Access Software
This guide overviews common exploitations and associated tactics, techniques, and procedures (TTPs) malicious actors to leverage, rendering these businesses exposed and vulnerable. It also includes recommendations to IT, OT, and ICS professionals and organizations on best practices for using remote capabilities and detecting and defending against malicious actors abusing this software.
Forecasting & Scenario Planning
How effectively is your business converting revenue into free cash flow? This measurement is the definition of business value.
CISA Ransomware Guide
Ransomware incidents can severely impact business processes and leave organizations without the data to operate and deliver mission-critical services.
Federal Joint Statement on Crypto Asset Risks
The past year’s events have been marked by significant volatility and the exposure of vulnerabilities in the crypto-asset sector. These events highlight a number of key risks associated with crypto-assets and crypto-asset sector participants that banking organizations should be aware.
Threat Hunter Handbook
Threat hunting provides a second level of defense to address gaps in the overall cybersecurity architecture by finding and disrupting attackers that evaded the organization’s automated defenses.
DoD Zero Trust Strategy
Our adversaries are in our networks, exfiltrating our data and exploiting the Department’s users. To adapt and significantly improve our deterrence strategies, this never trust, always-verify mindset requires us to take responsibility for the security of our devices, applications, assets, and services; users are granted access to only the data they need when needed.
China Cyberspace Administration Measures
Companies domiciled outside China that directly collect and process the personal information of individuals residing in China in a cross-border manner are subject to the extraterritorial application of the PIPL.
Mapping Ransomware Payment Ecosystem
Central to mitigating ransomware threats is developing an understanding of the actors, stakeholders, processes, and information.