StarDM is not affiliated with nor a partner of CISA – This information is provided as a convenience for informational purposes only
Guidance on Sharing Cyber Incident Information
Original release date: April 7, 2022CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Original release date: April 6, 2022CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber
CERT/CC Releases Information on Spring4Shell Vulnerability
Original release date: April 1, 2022The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2022-22965), known as “Spring4Shell,” affecting Spring Framework, a Java framework that creates applications, including web applications. A remote attacker
CISA Releases Security Advisories for Rockwell Automation Products
Original release date: March 31, 2022CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. CISA encourages
FBI Releases PIN on Ransomware Straining Local Governments and Public Services
Original release date: March 31, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Original release date: March 31, 2022CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber
FBI Releases PIN on Phishing Campaign against U.S. Election Officials
Original release date: March 30, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn U.S. election and other state and local government officials about invoice-themed phishing emails that could
Mitigating Attacks Against Uninterruptable Power Supply Devices
Original release date: March 29, 2022CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and
CISA Adds 32 Known Exploited Vulnerabilities to Catalog
Original release date: March 28, 2022CISA has added 32 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber