CyberSecurity Updates

November 16, 2022: CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server.

The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations.

CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include:

  • Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version.
  • Minimizing your organization’s internet-facing attack surface.
  • Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA.
  • Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA.

For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.


November 10, 2022: CISA Releases SSVC Methodology to Prioritize Vulnerabilities

Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system.

As stated in Executive Assistant Director (EAD) Eric Goldstein’s blog post Transforming the Vulnerability Management Landscape, implementing a methodology, such as SSVC, is a critical step to advancing the vulnerability management ecosystem. Additionally, the blog details advances—including

CISA’s Known Exploited Vulnerabilities (KEV) catalog, Common Security Advisory Framework (CSAF) machine-readable security advisories, and the Vulnerability Exploitability eXchange (VEX)—that, used in conjunction with SSVC, will reduce the window cyber threat actors have to exploit networks.

CISA encourages organizations to read EAD Goldstein’s blog post and to use the following resources on the SSVC webpage to strengthen their vulnerability management processes:

  • CISA’s SSVC decision tree
  • SSVC Guide on using SSVC and the SSVC decision tree
  • SSVC Calculator for prioritizing vulnerability responses in an organization’s respective environment

Nov. 7, 2022: CSD Cyber Defense Education and Training (CDET) Offerings

Highlights: What You Want to Know

  • CISA will host the 200th Industrial Control Systems Cybersecurity (301L) course on November 7th! This is a four-day, instructor-led, hands-on lab that is taught at a training facility in Idaho Falls, Idaho, USA. This course has a full day capstone activity dedicated to a Red Team versus Blue Team exercise. To register, please visit https://www.cisa.gov/uscert/ics/Calendar
  • A new category has been added to FedVTE under the Cybersecurity Courses called Non-Technical Cybersecurity. Some new courses that fall into this category include Cloud Monitoring, Critical Infrastructure Protection, and Cybersecurity Investigations. To see the full list of available courses in this category, visit https://fedvte.usalearning.gov/courses_nontech_cybersecurity.php
  • CISA now offers a new Analysis of a Cyber Incident course on FedVTE. This three-module course teaches the beginner analyst how to develop the analytical skills and capabilities needed to handle a potential cyber incident — from analysis to reporting findings. This course is available to federal employees. For a full list of available courses on FedVTE for federal employees, please see the course catalog. For courses available to the public, please visit https://fedvte.usalearning.gov/public_fedvte.php
  • In November and December, U.S. Executive Branch employees and contractors can participate in numerous CDM Dashboard courses, including the new CDM and Federal Mandates- Featuring how to use the CDM Dashboard to enable automated BOD-22-01 Reporting course. This course presents information regarding current Federal cybersecurity directives, mandates, and policies, and how they can be supported by the CDM Agency Dashboard. Featured prominently will be details on how to use the CDM Dashboard to enable automated BOD-22-01 Reporting.

CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!

October 25, 2022

On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates:

  • TLP:CLEAR replaces TLP:WHITE for publicly releasable information.
  • TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information  may be shared with the recipient’s organization only.

CISA encourages all network defenders and partners to upgrade to TLP Version 2.0 to facilitate greater information sharing and collaboration. For more information see:


Cybersecurity Awareness Month 2022: CISA Mid-Campaign Announcement

Hello Campaign Partners and Friends,

Cybersecurity Awareness Month is in full swing! Our next focus is on cyber careers, and you can get involved by participating in: The National Initiative for Cybersecurity and Education’s (NICE) Cybersecurity Career Awareness Week from October 17-22.

CISA focuses on building a cyber aware public and introducing them to cyber careers from an early age. We do this through a variety of training programs for educators, the federal cyber workforce and critical infrastructure operators, as well as non-traditional training opportunities to help bring skilled professionals into the workforce quicker than traditional pathways. With these resources, CISA strives to reach those who may not have access to training in underserved communities. Some of the key resources for Cybersecurity Career Awareness Week include:


We will continue to share our campaign theme, See Yourself in Cyber, and the four action steps below:

  1. Enable Multi-Factor Authentication
  1. Use Strong Passwords – see this week’s focus below!
  1. Recognize and Report Phishing
  1. Update Your Software

 Get involved by:

  • Amplifying messages through emails, blogs, and social media.
  • Using the CISA and NCA Cybersecurity Awareness Month websites’ resources and information to create your own outreach campaign.
  • Connecting with peers, families, friends and your communities as cybersecurity awareness ambassadors, sharing how we can all See Ourselves in Cyber.