CISA Issues Guides & Resources
- Launching the Joint Cyber Defense Collaborative, a collaboration between federal, state, local, tribal, and private-sector partners to develop and execute whole-nation cybersecurity plans. The coalition looks to create unified objectives and plans, share insights, implement preventative measures, and support joint exercises between all parties.
- Communications and Cyber Resiliency Guide to support public safety agencies and others responsible for communications networks in evaluating and improving resiliency capabilities.
- Cybersecurity Workforce Training Guide to assist future and current federal, state and local staff expand their cybersecurity skills and career options.
- CISA’s Information and Communications (ICT) Supply Chain Risk Management Task Force has been extended until July 2023. Read more about the task force here and see the ICT Supply Chain Resource Library here
- A fact sheet to address the rise in ransomware attacks and highlight measures to prevent attacks and protect sensitive and personal information if an attack does occur.
StopRansomware.gov is the new US Government website launched to help organizations reduce their risk of ransomware. This site helps government agencies pool resources to better protect their networks against cyber threats like ransomware. The website will also highlight the latest ransomware related alerts.
A White House memo on ransomware
What We Urge You To Do (June 2021) - a message from Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.
MEMO: To Protect Against The Threat of Ransomware
FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government
Apache Log4j Vulnerability Exploit Quick Guide
Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. The vulnerability (CVE-2021-44228) in the Apache Log4j logging library allows for remote code execution (RCE), ransomware, crypto miners, and data exfiltration. The Log4shell attacks can be delivered through a variety of protocols including IMAP, DNS, SMTP, HTTP, and LDAP. This vulnerability is being widely exploited by a growing set of attackers, and we urge you to take action. For more informtaion, please view the Strategic Technology Solutions' Apache Log4j Vulnerability Exploit Quick Guide....