Schneider Electric Vijeo Designer



Hitachi Energy FOXMAN-UN



AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

date: March 24, 2022

Summary

Actions to Take Today to Protect Energy Sector Networks:
• Implement and ensure robust network segmentation between IT and ICS networks.
• Enforce MFA to authenticate to a system.
• Manage the creation of, modification of, use of—and permissions associated with—privileged accounts.


AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers

date: March 17, 2022

Summary

Actions to Take Today:
• Use secure methods for authentication.
• Enforce principle of least privilege.
• Review trust relationships.
• Implement encryption.
• Ensure robust patching and system configuration audits.
• Monitor logs for suspicious activity.
• Ensure incident response, resilience, and continuity of operations plans are in place.


AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability

date: March 15, 2022

Summary

Multifactor Authentication (MFA): A Cybersecurity Essential
• MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99 percent less likely to have an account compromised.
• Every organization should enforce MFA for all employees and customers, and every user should sign up for MFA when available.
• Organizations that implement MFA should review default configurations and modify as necessary, to reduce the likelihood that a sophisticated adversary can circumvent this control.


AA22-057A: Destructive Malware Targeting Organizations in Ukraine

date: February 26, 2022 | Last revised: March 1, 2022

Summary

Actions to Take Today:
• Set antivirus and antimalware programs to conduct regular scans.
• Enable strong spam filters to prevent phishing emails from reaching end users.
• Filter network traffic.
• Update software.
• Require multifactor authentication.


AA22-055A: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks

date: February 24, 2022

Summary

Actions to Take Today to Protect Against Malicious Activity
• Search for indicators of compromise.
• Use antivirus software.
• Patch all systems.
• Prioritize patching known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Use multi-factor authentication.


AA22-047A: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

date: February 16, 2022

Summary

Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity:
• Enforce multifactor authentication.
• Enforce strong, unique passwords.
• Enable M365 Unified Audit Logs.
• Implement endpoint detection and response tools.


AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware

date: February 9, 2022 | Last revised: February 10, 2022

Summary

Immediate Actions You Can Take Now to Protect Against Ransomware:
• Update your operating system and software.
• Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments.
• If you use Remote Desktop Protocol (RDP), secure and monitor it.
• Make an offline backup of your data.
• Use multifactor authentication (MFA).


AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure

date: January 11, 2022 | Last revised: March 1, 2022

Summary

Actions Critical Infrastructure Organizations Should Implement to Immediately Strengthen Their Cyber Posture.
• Patch all systems. Prioritize patching known exploited vulnerabilities.
• Implement multi-factor authentication.
• Use antivirus software.
• Develop internal contact lists and surge support.

