Let Us Create A Free Data Management Plan For You!
Get your data connected to an IT STAR!
StarDM is not affiliated with nor a partner of CISA – This information is provided as a convenience for informational purposes only
Mitigating Attacks Against Uninterruptable Power Supply Devices
Original release date: March 29, 2022CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and
CISA Adds 32 Known Exploited Vulnerabilities to Catalog
Original release date: March 28, 2022CISA has added 32 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber
CISA Adds 66 Known Exploited Vulnerabilities to Catalog
Original release date: March 25, 2022CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber
State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018
Original release date: March 24, 2022CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that
AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector
Original release date: March 24, 2022SummaryActions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. •
FBI and FinCEN Release Advisory on AvosLocker Ransomware
Original release date: March 22, 2022The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware.
CRI-O Security Update for Kubernetes
Original release date: March 18, 2022CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as
AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers
Original release date: March 17, 2022SummaryActions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration
CISA Adds 15 Known Exploited Vulnerability to Catalog
Original release date: March 15, 2022CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of