For a downloadable copy of indicators of compromise, see: 

Today, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response tool. 

View CSAF

View CSAF

View CSAF

View CSAF

CISA is releasing this Alert to provide guidance in response to a widespread software supply chain compromise involving the world’s largest JavaScript registry, npmjs.com. A self-replicating worm—publicly known as “Shai-Hulud”—has compromised over 500 packages.[i]

SonicWall released a security advisory to assist their customers with protecting systems impacted by the MySonicWall cloud backup file incident. SonicWall’s investigation found that a malicious actor performed a series of brute force techniques against their MySonicWall.com web portal to gain access to a subset of customers’ preference files stored in their cloud backups. While credentials within the files were encrypted, the files also included information that actors can use to gain access to customers’ SonicWall Firewall devices. 

Statement from the NCSC regarding the cyber incident affecting Collins Aerospace.

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of increased targeting of online code repositories, with threat actors employing various tactics to scan for and extract secrets, access private code bases, and modify packages to infect users. The ASD’s ACSC does not have information to indicate that a specific industry or sector is being targeted, with this advisory providing general awareness of an observed increase in activity.