February 2024
Red Sox’s 2024 MLB season will be chronicled in Netflix documentary series
Netflix will also air a documentary about the 2004 World Series-winning Red Sox team.
Yankees offseason grades for every key signing and trade ahead of 2024 season
Here are Yankees offseason grades for every key trade and signing ahead of the 2024 MLB season.
CISA Launches #Protect2024 Resources Webpage for State and Local Election Officials
CISA and EPA Collaborate on Water and Wastewater Sector Cyber Resources
U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure
VMware Releases Security Advisory for Aria Operations for Networks
VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review VMware security advisory VMSA-2024-0002 and apply the necessary updates.
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques.
The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance:
- U.S. Department of Energy (DOE)
- U.S. Environmental Protection Agency (EPA)
- U.S. Transportation Security Administration (TSA)
- Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)
- Canadian Centre for Cyber Security (CCCS), a part of the Communications Security Establishment (CSE)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- New Zealand National Cyber Security Centre (NCSC-NZ)
Volt Typhoon actors are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The advisory provides actionable information from U.S. incident response activity that can help all organizations:
- Recognize Volt Typhoon techniques,
- Assess whether Volt Typhoon techniques have compromised your organization,
- Secure your networks from these adversarial techniques by implementing recommended mitigations.
To supplement the advisory, the Joint Guidance provides threat detection information and mitigations applicable to LOTL activity, regardless of threat actor. Additionally, CISA has published Secure by Design Alert: Security Design Improvements for SOHO Device Manufacturers, which provides technology manufacturers with guidance on protecting their products from Volt Typhoon compromises.
CISA and its partners strongly urge critical infrastructure organizations and technology manufacturers to read the joint advisory and guidance to defend against this threat. For more information on People’s Republic of China (PRC) state-sponsored actors, visit People’s Republic of China Cyber Threat. To learn more about secure by design principles and practices, visit Secure by Design.