H-ISAC: White Reports / en Wed, 30 Jul 2025 15:19:20 -0500 Tue, 29 Jul 25 09:19:56 -0500 H-ISAC TLP White Threat Bulletin: Russia-Nexus Threat Actors May Retaliate Against Ukraine Weapons Deal /h-isac-white-reports/2025-07-29-h-isac-tlp-white-threat-bulletin-russia-nexus-threat-actors-may-retaliate-against-ukraine <div class="container row"><div class="row"><div class="col-md-8"><p>In an update on July 28, the US has shortened the deadline to 12 days, putting more pressure on Russia to broker a deal with Ukraine.</p><p>Today, it was also announced by pro-Ukrainian threat actors that they were responsible for attacking Russia’s largest airline. The two events are likely to create a flare-up in tensions between the US and Russia, which is likely to manifest itself in the form of cyber attacks against US and NATO critical infrastructure.</p></div><div class="col-md-4"><div><p><strong>For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:</strong></p><h3><a href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf">John Riggi</a></h3><h4>National Advisor for Cybersecurity and Risk, AHA</h4><h4><a href="mailto:jriggi@aha.org?subject=Cybersecurity and Risk Advisory Services Query">jriggi@aha.org</a></h4><h4>(O) <a href="tel:1-202-626-2272">+1 202 626 2272</a></h4><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2020/11/AHA-Riggi-Senior-Advisor-for-Cyber-and-Risk-Bio-08102020.pdf" target="_blank">More on John Riggi</a></div><div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/guidesreports/2018-06-15-cybersecurity-and-risk-advisory-services" target="_blank">Learn more about AHA's Cybersecurity and Risk Advisory Services</a></div></div></div></div></div> Tue, 29 Jul 2025 09:19:56 -0500 H-ISAC: White Reports H-ISAC TLP White Threat Bulletin PoC Exploits Available for Citrix NetScaler ADC and NetScaler Gateway Flaw 
CVE-2025-5777 /h-isac-white-reports/2025-07-09-h-isac-tlp-white-threat-bulletin-poc-exploits-available-citrix-netscaler-adc-and-netscaler <div class="container row"><div class="row"><div class="col-md-8"><p>Proof-of-Concept (PoC) exploits for a critical vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, affecting Citrix NetScaler ADC and Gateway devices are publicly available.</p><p>Security researchers have confirmed that the security flaw’s exploit complexity is low and can lead to the compromise of user session tokens. Successful exploitation allows threat actors to access memory contents by delivering specially crafted POST requests during login attempts.</p><p>Despite Citrix advising that there is no evidence to suggest CVE-2025-5777 is actively being exploited, security researchers have <a href="https://reliaquest.com/blog/threat-spotlight-citrix-bleed-2-vulnerability-in-netscaler-adc-gateway-devices/" target="_blank">opposing information</a> that indicates otherwise.</p><p>View the detailed report below.</p></div></div></div> Wed, 09 Jul 2025 10:16:30 -0500 H-ISAC: White Reports H-ISAC TLP Green Ransomware Data Leak Sites Report - June 26, 2025 /h-isac-white-reports/2025-06-26-h-isac-tlp-green-ransomware-data-leak-sites-report-june-26-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion with the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p></div></div></div> Thu, 26 Jun 2025 08:25:52 -0500 H-ISAC: White Reports H-ISAC UPDATE: Potential Cascading Cybersecurity Impacts of Israeli Strikes on Strategic Iranian Military Targets /h-isac-white-reports/2025-06-20-h-isac-tlp-white-threat-update-potential-cascading-cybersecurity-impacts-israeli-strikes <div class="container row"><div class="row"><div class="col-md-8"><p><em><strong>June 20, 2025 Update</strong></em></p><p><em>Multiple hacktivist groups are gearing up to launch attacks against Israel in response to the onset of the Israel-Iran war. According to the cybersecurity firm Radware, there has been a sharp increase in the number of distributed denial of service (DDoS) attacks targeting Israel. </em></p><p>View the details below. 
</p></div></div></div> Fri, 20 Jun 2025 09:59:11 -0500 H-ISAC: White Reports H-ISAC TLP White Hacking Healthcare - Weekly Blog - June 19, 2025 /h-isac-white-reports/2025-06-20-h-isac-tlp-white-hacking-healthcare-weekly-blog-june-19-2025 <p>This week, Health-ISAC<sup>®</sup>'s Hacking Healthcare<sup>®</sup> looks at how the European Commission continues to support its action plan to improve the cybersecurity of hospitals and healthcare providers directly and indirectly with new funding opportunities totaling nearly €150 million. Join us as we investigate what the European Commission wants to achieve and how it might affect Health-ISAC members.</p><p>View the details below. 
</p> Fri, 20 Jun 2025 09:36:03 -0500 H-ISAC: White Reports H-ISAC TLP White: Hacking Healthcare - Weekly Blog - June 6, 2025 /h-isac-white-reports/2025-06-06-h-isac-tlp-white-hacking-healthcare-weekly-blog-june-6-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>This week, Health-ISAC®'s Hacking Healthcare® examines where things stand several months into the Trump Administration's term regarding healthcare and cybersecurity. This edition of Hacking Healthcare will recap some of the significant developments from the beginning of Trump’s term to Thursday’s confirmation hearings, and then will assess what we might expect to see happen next.</p><p>View the detailed report below.</p></div></div></div> Fri, 06 Jun 2025 15:15:37 -0500 H-ISAC: White Reports H-ISAC TLP White: The Brazilian Critical Infrastructure Threat Landscape /h-isac-white-reports/2025-05-29-h-isac-tlp-white-brazilian-critical-infrastructure-threat-landscape <p>Monthly Geopolitical Deep Dive: <strong>May</strong> 
<strong>2025</strong></p><p>This report, published once a month, is an in-depth analysis of a geopolitical trend whose cascading consequences adversely impact the healthcare sector. This report is a joint endeavor between RANE and Health-ISAC. The guidance and insight within are designed to help members navigate particularly complex geopolitical developments with healthcare-specific analysis and mitigation strategies. </p><p>View the detailed reports below. </p> Thu, 29 May 2025 11:56:18 -0500 H-ISAC: White Reports The Brazilian Critical Infrastructure Threat Landscape and Implications for Healthcare Organizations /h-isac-white-reports/2025-05-29-brazilian-critical-infrastructure-threat-landscape-and-implications-healthcare-organizations <h2>Key Judgements </h2><ul><li>Fragmented care between rural and urban clinical environments has led to heightened risks of violence toward health sector employees. Brazilian centralized healthcare access requires large data stores, which threat actors have often targeted.</li><li>Nation-state actors and financially-motivated criminals pose espionage, data breach and extortion risks: Brazilian critical infrastructure organizations face a broad array of cyber threats, including sophisticated foreign state-sponsored threats, as well as growing nonstate cybercriminal (and hacktivist) campaigns, which elevate a range of monetary and operational risks, including for healthcare entities.</li><li>Petty criminals and organized criminal groups occasionally threaten critical services: Copper cable thefts are pervasive and sporadically result in blackouts or disruption to traffic light systems, while organized criminal groups damage or prevent maintenance of water stations and telecommunication antennas in low-income areas they control, posing operational risks to healthcare service providers in these regions.</li><li>Protest activity and labor action will likely pick up ahead of 2026 elections: Brazil’s polarized political and social 
environments will fuel recurring protests and strikes over the coming 18 months, opening the door to sporadic violent and/or disruptive incidents.</li><li>Terrorism risks will remain low, although isolated plots will persist: While Brazil has not recorded terrorist incidents in recent decades, police have thwarted multiple plots in recent years, highlighting underlying risks of religiously- or politically-motivated attacks.</li><li>Increasingly frequent extreme weather events threaten to disrupt transportation and utilities: Intense droughts have become more frequent and will threaten hydroelectric power generation and water transportation, while heavy rains will result in flash floods and landslides, causing significant damage to urban and road infrastructure.</li></ul><p>View the detailed report below.</p> Thu, 29 May 2025 11:39:07 -0500 H-ISAC: White Reports H-ISAC TLP Green Ransomware Data Leak Sites Report - May 7, 2025 /h-isac-white-reports/2025-05-07-h-isac-tlp-green-ransomware-data-leak-sites-report-may-7-2025 <div class="container row"><div class="row"><div class="col-md-8"><p>The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross-referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion with the threat actors. 
There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspectives of victims and ongoing discussions occurring in those forums.</p><p>View the detailed report below.</p></div></div></div> Wed, 07 May 2025 14:28:02 -0500 H-ISAC: White Reports H-ISAC TLP White Threat Bulletin Ivanti Connect Secure Vulnerability Actively Exploited By China-Nexus Group /2025-04-03-h-isac-tlp-white-threat-bulletin-ivanti-connect-secure-vulnerability-actively-exploited-china-nexus-group <div class="container row"><div class="row"><div class="col-md-8"><p>On April 3, 2025, Ivanti released a <a 
href="https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457?language=en_US" target="_blank">security advisory</a> regarding the active exploitation of a critical security flaw affecting vulnerable Ivanti Connect Secure, Pulse Connect Secure, Policy Secure, and ZTA gateway products.</p><p>The vulnerability, tracked as CVE-2025-22457, has a CVSS critical score of 9.0 and is a stack-based buffer overflow flaw impacting Ivanti Connect Secure (22.7R2.5 and prior), Pulse Connect Secure (9.1R18.9 and prior), which reached end-of-support as of December 31, 2024, Ivanti Policy Secure (22.7R1.3 and prior), and ZTA Gateways (22.8R2 and prior).</p><p>Successful exploitation of the security flaw allows remote unauthenticated threat actors to gain remote code execution capabilities on vulnerable instances.</p><p>View the detailed report below.</p></div></div></div> Thu, 03 Apr 2025 15:40:09 -0500 H-ISAC: White Reports