<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt">Just a couple of Cyber threat alert highlights from this week:<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="color:black;margin-left:0in;mso-list:l3 level1 lfo3">
<span style="font-size:12.0pt;background:white">03/06/22 – FBI and CISA published a joint message to the law enforcement community. If you are aware of a cyber incident, contact the FBI or CISA (see attached).<o:p></o:p></span></li></ol>
<p class="MsoListParagraph"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="2" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo3"><span style="font-size:12.0pt;color:black;background:white">03/07/22 – CISA, FBI, NSA, and USSS added additional indicators of compromise to the Conti Ransomware advisory:
</span><span style="font-size:12.0pt"><a href="http://go.usa.gov/xz87x?trk=public_post_share-update_update-text"><b><span style="color:#0A66C2;border:none windowtext 1.0pt;padding:0in;background:white;text-decoration:none">go.usa.gov/xz87x</span></b></a><span style="color:black;background:white">.
Malicious cyber actors can use ransomware to hold your data hostage. We encourage all organizations to review this advisory to mitigate risk. This update is part of our larger efforts to help organizations stay on top of cybersecurity threats. We encourage
all organizations to go Shields Up and protect their sensitive information. Learn more:
</span><a href="http://cisa.gov/shields-up?trk=public_post_share-update_update-text"><b><span style="color:#0A66C2;border:none windowtext 1.0pt;padding:0in;background:white;text-decoration:none">cisa.gov/shields-up</span></b></a><span style="color:black;background:white">.
For more information about ransomware, visit </span><a href="http://stopransomware.gov/?trk=public_post_share-update_update-text"><b><span style="color:#0A66C2;border:none windowtext 1.0pt;padding:0in;background:white;text-decoration:none">StopRansomware.gov</span></b></a><span style="color:black;background:white">.
</span><b><span style="color:#0A66C2;border:none windowtext 1.0pt;padding:0in;background:white;text-decoration:none">#StopRansomware</span></b><o:p></o:p></span></li></ol>
<p class="MsoListParagraph"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="3" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo3"><span style="font-size:12.0pt;color:black">03/08/22 -
</span><span style="font-size:12.0pt;color:#333333">SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users
and administrators to review the <a href="https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10"><span style="color:#2B72AF">SAP Security Notes for March 2022</span></a> and apply the necessary updates. </span><span style="font-size:12.0pt"><o:p></o:p></span></li></ol>
<p class="MsoListParagraph"><span style="font-size:12.0pt;color:#333333"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="4" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo3"><span style="font-size:12.0pt;color:#333333">03/09/22 – TLP AMBER Alert Indicators of Compromise (IOCs) for APT41 (China state-sponsored) shared with State CISOs. There has been a
lot on Russian threats; just beware there are other actors still operating. More information can be found here on APT41:
</span><span style="font-size:12.0pt;color:black"><a href="https://attack.mitre.org/groups/G0096/">APT41, WICKED PANDA, Group G0096 | MITRE ATT&amp;CK®</a></span><span style="font-size:12.0pt"><o:p></o:p></span></li></ol>
<p class="MsoListParagraph"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="5" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l3 level1 lfo3"><span style="font-size:12.0pt;color:black">03/10/22 -
</span><span style="font-size:12.0pt;color:#333333">CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847"><span style="color:#2B72AF">CVE-2022-0847</span></a>).
A local attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review (<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0847"><span style="color:#2B72AF">CVE-2022-0847</span></a>)
and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.</span><span style="font-size:12.0pt"><o:p></o:p></span></li></ol>
<p style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:7.5pt;margin-left:0in;background:white">
<span style="font-size:12.0pt;color:#333333"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
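<p class="MsoNormal"><span style="font-size:12.0pt">Added example, not part of the original message and not CISA code: a triage check that sorts kernel release strings (as printed by <code>uname -r</code>) against the Dirty Pipe version ranges given in item 5. The function names and the host inventory are constructed for illustration. The check compares upstream version numbers only, so a distribution kernel that carries a backported fix under an older number is still flagged and has to be confirmed against the vendor's advisory.</span></p>

```python
import re

# Version boundaries taken from the alert text for CVE-2022-0847.
FIRST_AFFECTED = (5, 8, 0)                      # "versions 5.8 and later"
FIXED_BY_BRANCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
NEWEST_FIXED = (5, 16, 11)                      # anything at or above is fixed


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` string, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def dirty_pipe_status(release):
    """Classify one kernel release string against the alert's ranges."""
    ver = parse_release(release)
    if ver is None:
        return "unknown"
    if ver < FIRST_AFFECTED:
        return "not-affected"
    if ver >= NEWEST_FIXED:
        return "fixed"
    # Inside the affected window: only the branches named in the alert
    # have a fixed point release; every other branch stays flagged.
    fixed_patch = FIXED_BY_BRANCH.get(ver[:2])
    if fixed_patch is not None and ver[2] >= fixed_patch:
        return "fixed"
    return "affected"  # by version number; vendor backports need checking


def triage(inventory):
    """Map each host to its status; inventory is {hostname: uname -r}."""
    return {host: dirty_pipe_status(rel) for host, rel in inventory.items()}


# Constructed sample inventory (hypothetical hosts and release strings).
SAMPLE_INVENTORY = {
    "web-01": "5.10.101-1-amd64",
    "web-02": "5.10.102-1-amd64",
    "db-01": "4.19.0-18-amd64",
    "build-01": "5.13.19",
    "dev-01": "5.15.0-25-generic",
    "lab-01": "5.17.0",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:10} {SAMPLE_INVENTORY[host]:22} {status}")
```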
</div>
</body>
</html>