Homeland Security Digital Library

SEARCH THE HSDL

Searching for terms: EXACT: "United States. Federal Bureau of Investigation" in: publisher

Results 751 - 768 (of 768) sorted by relevance sort by date

Only 2/3! You are seeing results from the Public Collection, not the complete Full Collection. Sign in to search everything (see eligibility).

Joint Cybersecurity Advisory: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus

Show summary Open resource [pdf] (open full abstract)
From the Summary: This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus--a self-service password management and single sign-on solution."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. Coast Guard. Cyber Command

2021-09-16
Joint Cybersecurity Advisory: Conti Ransomware [Updated February 28, 2022]

Show summary Open resource [pdf] (open full abstract)
From the Summary: "This joint CSA [Cybersecurity Advisory] was updated to include indicators of compromise and the United States Secret Service as a co-author. [...] Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1000. Notable attack vectors include Trickbot and Cobalt Strike. While there are no specific or credible cyber threats to the U.S. homeland at this time, CISA [Cybersecurity & Infrastructure Security Agency], FBI, NSA [National Security Agency], and the United States Secret Service (USSS) encourage organizations to review this advisory and apply the recommended mitigations."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. National Security Agency . . .

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. National Security Agency . . .

2021-09-22
Joint Cybersecurity Advisory: APT Cyber Tools Targeting ICS/SCADA Devices

Show summary Open resource [pdf] (open full abstract)
From the Summary: "The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including: [1] Schneider Electric programmable logic controllers (PLCs), [2] OMRON Sysmac NEX PLCs, and [3] Open Platform Communications Unified Architecture (OPC UA) servers. The APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. [...] DOE, CISA, NSA, and the FBI urge critical infrastructure organizations, especially Energy Sector organizations, to implement the detection and mitigation recommendations provided in this CSA to detect potential malicious APT activity and harden their ICS/SCADA devices."

United States. Department of Energy; United States. Cybersecurity & Infrastructure Security Agency; United States. National Security Agency . . .

2022-04-14
Nationwide SAR Initiative Annual Report 2011

Show summary Open resource [pdf] (open full abstract)
"The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) Program Management Office (PMO) was established in March 2010 and is a collaborative effort led by the U.S. Department of Justice (DOJ), Bureau of Justice Assistance (BJA), in partnership with the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and state, local, tribal, and territorial (SLTT) law enforcement partners. The NSI PMO has been working with the National Network of Fusion Centers, hometown security partners, and SLTT and federal law enforcement to implement the policies, processes, and standards of the NSI across all levels of government while ensuring that privacy, civil rights, and civil liberties are protected. Over the past year, the NSI PMO has brought in new staff members who have become essential in the continued development of the NSI. […] The NSI has worked diligently in implementing the standards, policies, and processes of the NSI across the National Network of Fusion Centers, and as of March 2012, 68 fusion centers have the capability to contribute and share suspicious activity reports, expanding the reach of the NSI to over 14,000 law enforcement agencies in 46 states, including the District of Columbia. The expansion of the NSI has allowed the Federated Search Tool to be accessed by more trained users--increasing the number of searches to more than 43,000--and over 17,000 SARs were submitted for sharing by the end of March 2011."

United States. Department of Homeland Security; United States. Bureau of Justice Assistance; United States. Department of Justice . . .

2012
Nationwide SAR Initiative Annual Report 2010

Show summary Open resource [pdf] (open full abstract)
"The Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) Program Management Office (PMO) initiated operations in March 2010 with the daunting challenge of ensuring that regardless of where in the country suspicious activity is reported, these potential indicators of terrorist activity can be analyzed and compared to other SAR information nationwide. This type of SAR analysis is at the heart of detecting and deterring a terrorist attack. Law enforcement agencies at all levels of government--state, local, tribal, territorial, and federal--have been collecting reports on suspicious activity, either from concerned citizens or businesses or through their regular duties, for years. The challenge for the NSI has been how to incorporate the informal processes that these agencies have historically used into the standards, policies, and processes developed by the NSI that allow analysts to compare and analyze SAR information from across the country and share this information with the critical law enforcement entities that need it to help prevent terrorist attacks. Community and law enforcement outreach, standardized processes, training, a privacy framework, and enabling technology are the cornerstones for successful implementation of the NSI. Through strong leadership and outreach, the NSI works with key partners at the state, local, tribal, and federal levels of government, as well as advocacy groups, to not only develop the policies and processes of the NSI but also help ensure that Americans' privacy, civil rights, and civil liberties are protected throughout these processes."

United States. Department of Homeland Security; United States. Bureau of Justice Assistance; United States. Department of Justice . . .

2011
Guidance on Initial Responses to a Suspicious Letter/Container with a Potential Biological Threat

Show summary Open resource [pdf] (open full abstract)
"A large number of potentially suspicious letters and packages continue to be reported to federal, state, and local law enforcement and emergency response agencies nationwide. In some instances these letters or packages may include powders, liquids, or other materials. Federal, state, and local response agencies should be mindful of the potential for small-scale exposure, which could result from material contained in threatening or suspicious packages. While this guidance is generally focused on the initial response to potential biological threats, all personnel responding to such incidents must be aware of the potential for exposure to hazardous chemical and/or radiological materials in addition to biological hazards. Additionally, there may be a threat posed from secondary releases or devices. Consistent with established protocols, response agencies should follow standard law enforcement procedures and hazard risk assessments in response to calls, and should pre-identify the relevant local public health points of contact to be notified in the event of a potential bioterrorism event. The following guidelines are recommendations for local responders, based on existing procedures (including recommendations from the International Association of Fire Chiefs). This document provides guidance on the initial response to a suspicious letter/container, while other follow-on response plans, such as portions of the National Response Plan (NRP), may be utilized if a threat is deemed credible. In general, these potential threats or incidents fall into one of five general scenarios."

United States. Department of Health and Human Services; United States. Federal Bureau of Investigation; United States. Department of Homeland Security . . .

2004-11-02
Nationwide SAR Initiative Annual Report 2012

Show summary Open resource [pdf] (open full abstract)
From the executive summary: "In March 2010, the Nationwide Suspicious Activity Reporting (SAR) Initiative (NSI) Program Management Office (PMO) was established as a collaborative effort led by the U.S. Department of Justice (DOJ), Bureau of Justice Assistance (BJA), in partnership with the U.S. Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and state, local, tribal, and territorial (SLTT) partners. Through its work with the National Network of Fusion Centers, hometown security partners, and SLTT and federal law enforcement, the NSI PMO continues to implement NSI policies, processes, and standards across all levels of government while ensuring that privacy, civil rights, and civil liberties are protected. [...] The ongoing collaboration among DOJ, DHS, the FBI, SLTT partners, and the National Network of Fusion Centers has strengthened, allowing the NSI to expand its nationwide information sharing capability. As of March 2013, 73 fusion centers have met the requirements outlined by the NSI PMO to be fully NSI-Operational--an increase of 5 centers from the same time last year--and all 78 fusion centers now maintain the capability to contribute and share suspicious activity reports through the Shared Space or eGuardian. This expansion of the NSI has allowed the Federated Search Tool to be accessed by more trained users--increasing the number of searches to more than 76,400--and more than 25,900 Information Sharing Environment (ISE)-SARs had been submitted and shared by the end of March 2013. Further, with the support of the National Network of Fusion Centers, 46 states and the District of Columbia are participating in statewide implementation of the NSI; implementation efforts are currently under way in Guam, Puerto Rico, and the U.S. Virgin Islands to ensure a strengthened nationwide capacity for sharing ISE-SAR information."

United States. Department of Homeland Security; United States. Bureau of Justice Assistance; United States. Department of Justice . . .

2013-08
Insider Threat Program: Maturity Framework

Show summary Open resource [pdf] (open full abstract)
From the introduction: "The National Insider Threat Task Force (NITTF) is charged under Executive Order (EO) 13587 with reviewing and, when appropriate, adding to or modifying the Minimum Standards and guidance in coordination with the executive branch departments and agencies (D/As) subject to the EO. The Minimum Standards provide the basic elements necessary to establish a fully functional insider threat program (InTP) and thereby serve as milestones in the InTP maturity process. The insider threat is a dynamic problem set, requiring resilient and adaptable programs to address an evolving threat landscape, advances in technology, and organizational change. The effort requires continual evaluation and updated perspectives and approaches. In furtherance of this effort, the NITTF has developed, in collaboration with executive branch D/As, an InTP Maturity Framework (hereafter referred to as 'Framework') to enhance the Minimum Standards. The Framework identifies key elements within the Minimum Standards construct to enable D/As to increase the effectiveness of program functionality, garner greater benefit from InTP resources, procedures, and processes, and tightly integrate InTP procedures and objectives with their distinct missions and challenges."

National Counterintelligence and Security Center (U.S.); United States. Department of Justice; United States. Office of the Director of National Intelligence . . .

2018-10?
Ongoing Cyber Threats to U.S. Water and Wastewater Systems

Show summary Open resource [pdf] (open full abstract)
From the Summary: "This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) to highlight ongoing malicious cyber activity--by both known and unknown actors--targeting the information technology (IT) and operational technology (OT) networks, systems, and devices of U.S. Water and Wastewater Systems (WWS) Sector facilities. This activity--which includes attempts to compromise system integrity via unauthorized access--threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. [...] To secure WWS facilities--including Department of Defense (DoD) water treatment facilities in the United States and abroad--against the TTPs [tactics, techniques, and procedures] listed below, CISA, FBI, EPA, and NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. Environmental Protection Agency . . .

2021-10-14
Compromise of U.S. Water Treatment Facility

Show summary Open resource [pdf] (open full abstract)
From the Summary: "On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment plant. The unidentified actors used the SCADA system's software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system's software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI). The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have observed cyber criminals targeting and exploiting desktop sharing software and computer networks running operating systems with end of life status to gain unauthorized access to systems."

United States. Federal Bureau of Investigation; United States. Cybersecurity & Infrastructure Security Agency; United States. Environmental Protection Agency . . .

2021-02-05
Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments

Show summary Open resource [pdf] (open full abstract)
From the Executive Summary: "Since at least mid-2019 through early 2021, Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS), military unit 26165, used a Kubernetes cluster to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide. GTsSS malicious cyber activity has previously been attributed by the private sector using the names Fancy Bear, APT28, Strontium, and a variety of other identifiers. The 85th GTsSS directed a significant amount of this activity at organizations using Microsoft Office 365 cloud services; however, they also targeted other service providers and on-premises email servers using a variety of different protocols. These efforts are almost certainly still ongoing."

United States. National Security Agency; United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation . . .

2021-07
Guide for Developing High-Quality School Emergency Operations Plans for K-12

Show summary Open resource [pdf] (open full abstract)
"Each school day, our nation's schools are entrusted to provide a safe and healthy learning environment for approximately 55 million elementary and secondary school students in public and nonpublic schools. Families and communities expect schools to keep their children and youths safe from threats (human-caused emergencies such as crime and violence) and hazards (natural disasters, disease outbreaks, and accidents). In collaboration with their local government and community partners, schools can take steps to plan for these potential emergencies through the creation of a school Emergency Operations Plan (school EOP). Lessons learned from school emergencies highlight the importance of preparing school officials and first responders to implement emergency operations plans. By having plans in place to keep students and staff safe, schools play a key role in taking preventative and protective measures to stop an emergency from occurring or reduce the impact of an incident. Although schools are not traditional response organizations, when a school-based emergency occurs, school personnel respond immediately. They provide first aid, notify response partners, and provide instructions before first responders arrive. They also work with their community partners, i.e., governmental organizations that have a responsibility in the school emergency operations plan to provide a cohesive, coordinated response. Community partners include first responders (law enforcement officers, fire officials, and emergency medical services personnel) as well as public and mental health entities. in public and nonpublic schools. Families and communities expect schools to keep their children and youths safe from threats (human-caused emergencies such as crime and violence) and hazards (natural disasters, disease outbreaks, and accidents). In collaboration with their local government and community partners, schools can take steps to plan for these potential emergencies through the creation of a school Emergency Operations Plan (school EOP)."

United States. Department of Education; United States. Department of Health and Human Services; United States. Department of Homeland Security . . .

2013
Incorporating Active Shooter Incident Planning into Health Care Facility Emergency Operations Plans

Show summary Open resource [pdf] (open full abstract)
From the Introduction: "Our Nation's health care facilities (HCFs) are entrusted with providing expert medical care in safe and secure environments for patients, staff, and visitors. HCFs include hospitals, health clinics, hospices, long-term care facilities, academic medical centers, group medical care facilities, and physicians' and other health care providers' offices. HCFs are faced with planning for emergencies of all kinds, ranging from active shooters, hostage situations, and other similar security challenges, as well as threats from fires, tornadoes, floods, hurricanes, earthquakes, and pandemics of infectious diseases. Many of these emergencies occur with little to no warning; therefore, it is critical for HCFs to plan in advance to help ensure the safety, security, and general welfare of all members of the health care community. This document is primarily designed to encourage facilities to consider how to better prepare for an active shooter incident. Though hospitals and many other HCFs have emergency operations plans (EOPs), this document provides emergency planners, disaster committees, executive leadership, and others involved in emergency operations planning with detailed discussions of unique issues faced in an HCF. This document also includes discussions on related topics, including information sharing, psychological first aid (PFA), and law enforcement/security."

United States. Federal Emergency Management Agency; United States. Department of Health and Human Services. Office of the Assistant Secretary for Preparedness and Response; United States. Department of Justice . . .

2014-11
Joint Cybersecurity Advisory: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

Show summary Open resource [pdf] (open full abstract)
From the Document: "The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia's invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity [hyperlink]. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners. Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks[...]. Recent Russian state-sponsored cyber operations have included distributed denial-of-service (DDoS) attacks [hyperlink], and older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations [hyperlink]. Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people. Some groups have also threatened to conduct cyber operations against countries and organizations providing materiel support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive. This advisory updates joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure [hyperlink], which provides an overview of Russian state-sponsored cyber operations and commonly observed tactics, techniques, and procedures (TTPs). This CSA [...] provides an overview of Russian state-sponsored advanced persistent threat (APT) groups, Russian-aligned cyber threat groups, and Russian-aligned cybercrime groups to help the cybersecurity community protect against possible cyber threats."

United States. Cybersecurity & Infrastructure Security Agency; United States. National Security Agency; United States. Federal Bureau of Investigation . . .

2022-04-20
Joint Cybersecurity Advisory: Protecting Against Cyber Threats to Managed Service Providers and Their Customers

Show summary Open resource [pdf] (open full abstract)
From the Summary: "The cybersecurity authorities of the United Kingdom (NCSC-UK [United Kingdom National Cyber Security Centre] [hyperlink]), Australia (ACSC [Australian Cyber Security Centre] [hyperlink]), Canada (CCCS [Canadian Centre for Cyber Security] [hyperlink]), New Zealand (NCSC-NZ [New Zealand National Cyber Security Centre] [hyperlink]), and the United States (CISA [U.S. Cybersecurity and Infrastructure Security Agency] [hyperlink]), (NSA [National Security Agency] [hyperlink]), (FBI [hyperlink]) are aware of recent reports that observe an increase in malicious cyber activity targeting managed service providers (MSPs) and expect this trend to continue. This joint Cybersecurity Advisory (CSA) provides actions MSPs and their customers can take to reduce their risk of falling victim to a cyber intrusion. This advisory describes cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data. Organizations should implement these guidelines as appropriate to their unique environments, in accordance with their specific security needs, and in compliance with applicable regulations. MSP customers should verify that the contractual arrangements with their provider include cybersecurity measures in line with their particular security requirements."

United Kingdom. National Cyber Security Centre; Australian Cyber Security Centre; Canadian Centre for Cyber Security . . .

2022-05-11
Joint Cybersecurity Advisory: Weak Security Controls and Practices Routinely Exploited for Initial Access

Show summary Open resource [pdf] (open full abstract)
From the Summary: "Cyber actors routinely exploit poor security configurations (either misconfigured or left unsecured), weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victims' system. This joint Cybersecurity Advisory identifies commonly exploited controls and practices and includes best practices to mitigate the issues."

United States. Cybersecurity & Infrastructure Security Agency; United States. Federal Bureau of Investigation; United States. National Security Agency . . .

2022-05-17
Fentanyl: Safety Recommendations for First Responders

Show summary Open resource [pdf] (open full abstract)
From the Document: "[1] The abuse of drugs containing fentanyl is killing Americans. Misinformation and inconsistent recommendations regarding fentanyl have resulted in confusion in the first responder community. [2] You as a first responder (law enforcement, fire, rescue, and emergency medical services (EMS) personnel) are increasingly likely to encounter fentanyl in your daily activities (e.g., responding to overdose calls, conducting traffic stops, arrests, and searches). [3] This document provides scientific, evidence-based recommendations to protect yourself from exposure."

United States. Office of National Drug Control Policy; United States. Department of Justice; Centers for Disease Control and Prevention (U.S.) . . .

2018?
Fourth Generation Agents: Reference Guide

Show summary Open resource [pdf] (open full abstract)
"This guide was developed as part of ongoing preparedness for all hazards and is intended to inform decisions, protect emergency responders, and support response operations if an incident ever occurs involving a fourth generation agent (FGA, also known as A-series or Novichok nerve agents), such as the one used in the United Kingdom in 2018. No illicit use or manufacture of an FGA or other nerve agent is known to have occurred in the United States, and there is no known threat of any nerve agent use in the United States."

National Library of Medicine (U.S.); United States. Department of Defense; United States. Department of Transportation . . .

2019-01

21 22 23 24 25 26