HGN Alerts


"My people are destroyed for lack of knowledge...." Hosea 4:6-7

The natural, inalienable rights and legal rights of the citizenry to be accurately informed must not, by corruption, be perverted, lest that citizenry, acting on such perversion in their daily judgments, certainly suffer to their physical and spiritual detriment. ©2014 Edgar Rogers-Chairman 

 


NATIONAL/GLOBAL/GALACTIC ALERTS AND EMERGENCY SITUATIONS

HGN News Journal™ "No Knowledge Hid That Won't Be Revealed"™

HGN News®    1974-2024©All Rights Reserved

"For nothing is secret, that shall not be made manifest; neither any thing hid, that shall not be known and come abroad."  Luke 8:17 

"Every government degenerates when trusted to the rulers of the people alone. And even under the best forms, those entrusted with power have, in time and by slow operations, perverted it into tyranny."                             Thomas Jefferson

"...without active protest and petition, there is no protection against corrupt government and a corrupt society."     Homer Rogers/Edgar Rogers


 

 

All information is as is provided by the entity so providing and the presentation here does not constitute any endorsement by HGN News or by that entity of HGN News.

HGN News “No Truth Hid That Won’t Be Revealed”™

 

 

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

01/02/2024 2:19 PM EST

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper advisory JSA75636 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

01/03/2024 12:00 PM EST

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability
  • CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

06/07/2023 02:30 PM EDT

CISA and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.

The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

06/07/2023 02:30 PM EDT

Mozilla has released security updates to address vulnerabilities for Firefox 114 and Firefox ESR 102.12. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 114 and Firefox ESR 102.12 for more information and apply the necessary updates.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

05/22/2023 09:37 AM EDT

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

05/23/2023 08:00 AM EDT

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.

The #StopRansomware Guide serves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov.

This joint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA's newly launched Joint Ransomware Task Force (JRTF) webpage.


Offices of the United States Attorneys

 

05/16/2023 12:00 AM EDT

The Justice Department today unsealed two indictments charging a Russian national and resident with using three different ransomware variants to attack numerous victims throughout the United States, including law enforcement agencies in Washington, D.C. and New Jersey, as well as victims in healthcare and other sectors nationwide.

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

02/21/2023 01:34 PM EST

Original release date: February 21, 2023

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

02/14/2023 02:30 PM EST

Original release date: February 14, 2023

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s February 2023 Security Update Guide and Deployment Information and apply the necessary updates.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

02/14/2023 04:00 PM EST

Original release date: February 14, 2023

Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates.


Adobe Releases Security Updates for Multiple Products
02/14/2023 04:30 PM EST

Original release date: February 14, 2023

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

09/02/2022 10:00 AM EDT

Original release date: September 2, 2022

Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.2.1 and apply the necessary updates.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

06/14/2022 02:53 PM EDT

Original release date: June 14, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

06/30/2022 01:00 PM EDT

Original release date: June 30, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note: this joint #StopRansomware CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

CISA, FBI, Treasury and FinCEN encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Prioritize remediating known exploited vulnerabilities.
  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.

See #StopRansomware: MedusaLocker to learn about MedusaLocker actors' tactics, techniques, and procedures and the recommended mitigations. Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response. 


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow


05/16/2022 11:00 AM EDT

Original release date: May 16, 2022

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.  
 
CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates. 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

05/18/2022 09:00 AM EDT

Original release date: May 18, 2022

CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.

CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds.  

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

04/18/2022 03:06 PM EDT

Original release date: April 18, 2022

CISA, the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the Lazarus Group.

CISA encourages organizations to review joint CSA: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies and apply the recommendations. 

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

05/13/2022 08:20 PM EDT

Original release date: May 13, 2022

CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerabilities Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing the May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the domain controller handles the mapping of certificates to machine accounts.

For more information see the Microsoft Knowledge Base article, KB5014754—Certificate-based authentication changes on Windows domain controllers: Key Distribution Center registry key.

Note: installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue and is still strongly encouraged. This issue only affects May 10, 2022 updates installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows Servers.

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/10/2022 12:37 PM EST

Original release date: March 10, 2022

CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review CVE-2022-0847 and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols

03/15/2022 10:00 AM EDT
Original release date: March 15, 2022

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527), to run arbitrary code with system privileges. The advisory provides observed tactics, techniques, and procedures, as well as indicators of compromise and mitigations to protect against this threat. 

CISA encourages users and administrators to review AA22-074A: Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability. For general information on Russian state-sponsored malicious cyber activity, see cisa.gov/Russia. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure, as well as additional mitigation recommendations, see AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and cisa.gov/shields-up.

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

03/03/2022 12:22 PM EST

Original release date: March 3, 2022

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.

CISA encourages network architects, defenders, and administrators to review NSA’s Network Infrastructure Security Guidance as well as CISA’s recently published Layering Network Security Through Segmentation infographic for assistance in hardening networks against cyber threats.

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

02/09/2022 09:00 AM EST

Original release date: February 9, 2022

CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021. This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

CISA encourages users and administrators to review joint CSA: 2021 Trends Show Increased Globalized Threat of Ransomware and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

02/07/2022 10:16 AM EST

Original release date: February 7, 2022

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.

CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000162-MW and apply the recommended mitigations.

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

01/14/2022 10:18 AM EST
Original release date: January 14, 2022

Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Ivanti security advisories pages for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector and apply the necessary updates and workarounds.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

 

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations
01/16/2022 09:13 AM EST

Original release date: January 16, 2022

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
 
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow


01/11/2022 10:00 AM EST

Original release date: January 11, 2022

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.  

CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA's Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies. 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

01/10/2022 10:00 AM EST

Original release date: January 10, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

| CVE Number | CVE Title | Remediation Due Date |
|---|---|---|
| CVE-2021-22017 | VMware vCenter Server Improper Access Control Vulnerability | 1/24/2022 |
| CVE-2021-36260 | Hikvision Improper Input Validation Vulnerability | 1/24/2022 |
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Privilege Escalation Vulnerability | 1/24/2022 |
| CVE-2020-6572 | Google Chrome prior to 81.0.4044.92 Use-After-Free Vulnerability | 7/10/2022 |
| CVE-2019-1458 | Microsoft Win32K Elevation of Privilege Vulnerability | 7/10/2022 |
| CVE-2013-3900 | Microsoft WinVerifyTrust Function Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-2725 | Oracle WebLogic Server, Injection Vulnerability | 7/10/2022 |
| CVE-2019-9670 | Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability | 7/10/2022 |
| CVE-2018-13382 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 |
| CVE-2018-13383 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 |
| CVE-2019-1579 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-10149 | Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability | 7/10/2022 |
| CVE-2015-7450 | IBM WebSphere Application Server and Server Hypervisor Edition Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2017-1000486 | Primetek Primefaces Application Remote Code Execution Vulnerability | 7/10/2022 |
| CVE-2019-7609 | Elastic Kibana Remote Code Execution Vulnerability | 7/10/2022 |

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
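As an added example (not part of the HGN page and not CISA tooling), the following Python script turns the two pieces of guidance above into a triage order: it buckets CVSS base scores with the severity ranges from the 05/22/2023 Vulnerability Bulletin entry and flags rows from the 01/10/2022 KEV table as overdue against their remediation due dates. The CVE IDs, titles and due dates are taken from the table; the CVSS base scores attached to them are constructed for illustration and are not on the page.

```python
"""Triage KEV-listed findings by remediation due date and CVSS severity.

Added example, not from the HGN page or CISA. Severity buckets follow the
CISA Vulnerability Bulletin (High 7.0-10.0, Medium 4.0-6.9, Low 0.0-3.9).
The KEV rows are copied from the 01/10/2022 catalog addition; the CVSS base
scores attached to them are CONSTRUCTED for illustration only.
"""
import re
from datetime import date

# Rows in the page's table layout: "<CVE ID> <title> <M/D/YYYY due date>".
KEV_ROWS = """\
CVE-2021-22017 VMware vCenter Server Improper Access Control Vulnerability 1/24/2022
CVE-2021-36260 Hikvision Improper Input Validation Vulnerability 1/24/2022
CVE-2019-2725 Oracle WebLogic Server, Injection Vulnerability 7/10/2022
CVE-2019-7609 Elastic Kibana Remote Code Execution Vulnerability 7/10/2022
"""

# Constructed CVSS base scores keyed by CVE ID (NOT taken from the page).
CONSTRUCTED_SCORES = {
    "CVE-2021-22017": 7.3,
    "CVE-2021-36260": 9.8,
    "CVE-2019-2725": 9.8,
    "CVE-2019-7609": 10.0,
}

ROW_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(\d{1,2}/\d{1,2}/\d{4})$")


def severity(score):
    """Map a CVSS base score to the bulletin's High/Medium/Low bucket.

    Boundaries are inclusive exactly as the bulletin states them (6.9 is
    Medium, 7.0 is High); values outside 0.0-10.0 are rejected rather than
    silently bucketed.
    """
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ValueError(f"CVSS base score must be numeric: {score!r}")
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score!r}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_kev_rows(text):
    """Parse table rows into dicts; blank lines are skipped, bad rows raise."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable KEV row: {line!r}")
        month, day, year = (int(p) for p in m.group(3).split("/"))
        findings.append({"cve": m.group(1), "title": m.group(2),
                         "due": date(year, month, day)})
    return findings


def prioritize(findings, scores, today):
    """Attach severity and overdue status, then order most urgent first.

    Order: overdue before not yet due, then earlier due date, then higher
    CVSS score. A finding with no known score keeps severity None (unknown
    is not the same as Low) and sorts last within its due-date group.
    """
    out = []
    for f in findings:
        score = scores.get(f["cve"])
        out.append(dict(f, score=score,
                        severity=None if score is None else severity(score),
                        overdue=today > f["due"],
                        days_left=(f["due"] - today).days))
    out.sort(key=lambda e: (not e["overdue"], e["due"],
                            1.0 if e["score"] is None else -e["score"]))
    return out


def triage(today_iso, rows=KEV_ROWS, scores=CONSTRUCTED_SCORES):
    """Convenience wrapper: parse the rows and prioritize as of an ISO date."""
    return prioritize(parse_kev_rows(rows), scores, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for e in triage("2022-02-01"):
        status = "OVERDUE" if e["overdue"] else f"{e['days_left']}d left"
        print(f"{e['cve']:<15} {e['severity'] or 'Unknown':<7} "
              f"{status:>9}  {e['title']}")
```

Feeding the real catalog would mean loading CISA's published KEV data instead of the pasted rows; the ordering logic stays the same.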

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

01/07/2022 02:30 PM EST

Original release date: January 7, 2022

WordPress versions between 3.7 and 5.8 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could cause a denial of service condition.  

CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.8.3.


Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

12/14/2021 01:17 PM EST

Original release date: December 14, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s December 2021 Security Update Summary and Deployment Information and apply the necessary updates.

 

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

12/02/2021 05:43 PM EST

Original release date: December 2, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory identifying active exploitation of a vulnerability—CVE-2021-44077—in Zoho ManageEngine ServiceDesk Plus. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects all ServiceDesk Plus versions up to, and including, version 11305. 

This vulnerability was addressed by the update released by Zoho on September 16, 2021 for ServiceDesk Plus versions 11306 and above. If left unpatched, successful exploitation of the vulnerability allows an attacker to upload executable files and place webshells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Zoho has set up a security response plan center that provides additional details, a downloadable tool that can be run on potentially affected systems, and a remediation guide.

CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations immediately.

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

12/06/2021 01:58 PM EST

Original release date: December 6, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing vulnerabilities in Distributed Data Systems WebHMI products. A remote attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review ICS advisory ICSA-21-336-03 Distributed Data Systems WebHMI for more information and apply the necessary mitigations. 


12/06/2021 04:20 PM EST

Original release date: December 6, 2021

Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.


11/17/2021 09:00 AM EST

Original release date: November 17, 2021

CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors. 

CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.


11/12/2021 10:13 AM EST

Original release date: November 12, 2021

VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update.


10/18/2021 10:00 PM EDT

Original release date: October 18, 2021

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware.

Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA provides cyber actor tactics, techniques, and procedures and outlines mitigations to improve ransomware protection, detection, and response.

To reduce the risk of BlackMatter ransomware, CISA, FBI, and NSA encourage organizations to implement the recommended mitigations in the joint CSA and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.


10/20/2021 10:55 AM EDT

Original release date: October 20, 2021

Google has released Chrome version 95.0.4638.54  for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.


10/21/2021 11:46 AM EDT

Original release date: October 21, 2021

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.


10/21/2021 03:36 PM EDT

Original release date: October 21, 2021

Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

On October 24, 2021, Network Time Protocol (NTP) servers using affected GPSD versions 3.20 through 3.22 may roll back the date by 1,024 weeks, to March 2002, which may cause systems and services to become unavailable or unresponsive. Note that 1,024 weeks is one full cycle of the 10-bit week counter carried in the legacy GPS navigation message, so a clock that is wrong by exactly that amount is the signature of a week-number rollover error rather than ordinary drift.

CISA urges affected CI owners and operators to ensure that systems that use GPSD to obtain timing information from GPS devices are running GPSD version 3.23 (released August 8, 2021) or newer.

For more information, see Keeping Track of Time: Network Time Protocol and a GPSD Bug.
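As an added illustration (not code from the CISA alert or from the gpsd project), the block below shows the arithmetic behind a 1,024-week rollback. The legacy GPS navigation message carries only a 10-bit week number, so software must pick which 1,024-week cycle a reported week belongs to; if it does that against a stale reference date, it lands exactly one cycle in the past. The reference date 2019-12-31 is used here purely as an illustrative stale anchor and does not reproduce gpsd's actual rollover logic. The last function is the plausibility check an NTP operator could run on a time source before trusting it: a reported time that trails the system clock by roughly 1,024 weeks is almost certainly a rollover artifact.

```python
from datetime import datetime, timedelta, timezone

GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)  # GPS week 0 started here
WEEK = timedelta(days=7)
WEEK_MODULUS = 1024  # the legacy navigation message carries a 10-bit week number

# Constructed inputs for the demonstration (dates taken from the CISA alert).
ROLLOVER_DAY = datetime(2021, 10, 24, tzinfo=timezone.utc)
STALE_REFERENCE = datetime(2019, 12, 31, tzinfo=timezone.utc)  # illustrative anchor only


def gps_week(dt: datetime) -> int:
    """Full GPS week number of a UTC datetime (no truncation)."""
    return (dt - GPS_EPOCH) // WEEK


def truncated_week(dt: datetime) -> int:
    """The week number as a legacy receiver reports it: modulo 1024."""
    return gps_week(dt) % WEEK_MODULUS


def week_start(full_week: int) -> datetime:
    """UTC midnight at the start of the given full GPS week."""
    return GPS_EPOCH + full_week * WEEK


def resolve_week(week10: int, reference: datetime) -> int:
    """Disambiguate a 10-bit week number: choose the latest candidate that does
    not lie after the reference date. If the reference is older than the real
    date, the candidate chosen is one or more 1024-week cycles too early; that
    is the mechanism behind a 1,024-week rollback."""
    ref_week = gps_week(reference)
    candidate = week10 % WEEK_MODULUS
    while candidate + WEEK_MODULUS <= ref_week:
        candidate += WEEK_MODULUS
    return candidate


def looks_like_rollover(reported: datetime, system_clock: datetime,
                        slack: timedelta = timedelta(days=14)) -> bool:
    """Plausibility check for a time source: flag a reported time that trails
    the system clock by roughly one 1024-week cycle (about 19.6 years)."""
    lag = system_clock - reported
    return abs(lag - WEEK_MODULUS * WEEK) <= slack


def demonstrate() -> dict:
    """Resolve the week reported on 2021-10-24 against a stale reference and
    against a current one, and return both interpretations."""
    week10 = truncated_week(ROLLOVER_DAY)
    stale = week_start(resolve_week(week10, STALE_REFERENCE))
    current = week_start(resolve_week(week10, ROLLOVER_DAY))
    return {
        "week10": week10,
        "stale_date": stale.date().isoformat(),      # 2002-03-10
        "correct_date": current.date().isoformat(),  # 2021-10-24
        "flagged": looks_like_rollover(stale, ROLLOVER_DAY),
    }


if __name__ == "__main__":
    print(demonstrate())
```

The stale interpretation resolves to 2002-03-10, which is the March 2002 date in the alert. In practice the check in looks_like_rollover belongs wherever a reference clock is admitted into an NTP configuration: a source that is suddenly 1,024 weeks behind should be rejected, not averaged in.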


10/14/2021 02:57 PM EDT

Original release date: October 14, 2021

CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. The joint CSA provides extensive mitigations and resources to assist WWS Sector facilities in strengthening operational resilience and cybersecurity practices.

CISA has also released a Cyber Risks & Resources for the Water and Wastewater Systems Sector infographic that details both information technology and operational technology risks the WWS Sector faces and provides select resources.


10/15/2021 11:11 AM EDT

Original release date: October 15, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review Apache’s security advisory for CVE-2021-42340 and apply the necessary updates.


Colleagues,

CISA is pleased to announce the Public Safety Communications and Cyber Resiliency Toolkit has been updated to include new resources and can be found on the SAFECOM Technology Resources webpage cisa.gov/safecom/technology under “Communications and Cyber Resiliency.”

The Toolkit is a collection of resources for public safety agencies and others responsible for communications networks to assist with evaluating current resiliency capabilities, identifying ways to improve resiliency, and developing plans for mitigating the effects of potential resiliency threats. It is designed to be user-friendly and features an interactive graphic where topic-specific system-based resources appear as building shapes (blue) and threats as cloud shapes (red).

Current topic areas include:

  • Alerts, Warnings, and Notifications (AWNs)
  • Cyber Incidents
  • Cybersecurity
  • Electromagnetic Pulse (EMP)
  • Jamming
  • Local Access Networks (LAN)
  • Next Generation 911 (NG911)
  • Positioning, Navigation, and Timing (PNT) Disruptions
  • Power
  • Priority Services
  • Ransomware
  • Resiliency Introduction
  • Site Hardening
  • Unmanned Aircraft Systems (UAS)

The Toolkit is expandable and maintained as a living site to allow for future resources and topic areas. Originally published in July 2020, the Toolkit has been refreshed and the updated version is now available. The enhanced version features 48 resources over 14 topic areas and includes not only CISA guidance, but also guidance from other trusted resources, such as the Association of Public-Safety Communications Officials (APCO), the Federal Communications Commission (FCC), and the National Institute of Standards and Technology (NIST). We are also unveiling a new look and feel designed to enhance the user experience.

I encourage you to share the Toolkit’s blog post and website link with your colleagues and others who might be interested in this document.

Thank you again for your continued support of this resource.

David J. Nolan
Branch Chief for Advanced Interoperable Technology
Nationwide Governance Sub-Division
Cybersecurity and Infrastructure Security Agency (CISA)


10/12/2021 12:56 PM EDT

Original release date: October 12, 2021

Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild.

CISA encourages users to review the Apple security page for iOS 15.0.2 and iPadOS 15.0.2 and apply the necessary updates as soon as possible.


09/21/2021 11:56 AM EDT

Original release date: September 21, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


08/18/2021 07:57 AM EDT

Original release date: August 18, 2021

Google has released Chrome version 92.0.4515.159 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


08/17/2021 07:36 AM EDT

Original release date: August 17, 2021

Apple has released a security update to address vulnerabilities in iCloud for Windows 12.5. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.


08/18/2021 08:00 AM EDT

Original release date: August 18, 2021

Mozilla has released security updates to address vulnerabilities in Firefox 91.0.1 and Thunderbird 91.0.1. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla Security Advisory 2021-37 and apply the necessary updates.


08/17/2021 01:16 PM EDT

Original release date: August 17, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the ICS Advisory: ICSA-21-229-01 ThroughTek Kalay P2P SDK and the FireEye Mandiant blog: Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices for more information and to apply the necessary update and mitigations.


08/17/2021 10:39 AM EDT

Original release date: August 17, 2021

CISA released an Alert today on devices incorporating older versions of multiple BlackBerry QNX products affected by a BadAlloc vulnerability. A malicious actor could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition. 

Because devices incorporating older versions of BlackBerry QNX products support critical infrastructure and national critical functions, CISA is strongly urging all organizations whose devices use affected QNX-based systems to immediately apply the mitigations provided in CISA Alert AA21-229A and BlackBerry Advisory QNX-2021-001.


08/18/2021 07:57 AM EDT

Original release date: August 18, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:


08/18/2021 12:30 AM EDT

Original release date: August 18, 2021

CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.

The fact sheet provides information for organizations to use in preventing and responding to ransomware-caused data breaches. CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations listed in this fact sheet to reduce their risk to ransomware and protect sensitive and personal information. Review StopRansomware.gov for additional ransomware resources.


08/19/2021 08:09 AM EDT

Original release date: August 19, 2021

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the necessary updates or workarounds.


08/12/2021 06:57 AM EDT

Original release date: August 12, 2021

Mozilla has released security updates to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 91 and apply the necessary updates.


08/12/2021 09:16 PM EDT

Original release date: August 12, 2021 | Last revised: August 13, 2021

Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-005 and apply the necessary updates.


08/06/2021 07:06 AM EDT

Original release date: August 6, 2021

Pulse Secure has released Pulse Secure Connect system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review Pulse Secure’s Security Advisory SA44858 and apply the necessary update.


08/10/2021 09:06 AM EDT

Original release date: August 10, 2021

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 91 and Firefox ESR 78.13 and apply the necessary updates.


08/10/2021 11:31 AM EDT

Original release date: August 10, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:


08/10/2021 07:37 AM EDT

Original release date: August 10, 2021

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Intel advisories and apply the necessary updates: 


08/10/2021 02:01 PM EDT

Original release date: August 10, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s August 2021 Security Update Summary and Deployment Information and apply the necessary updates.


08/10/2021 07:38 AM EDT

Original release date: August 10, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review SAP Security Notes for August 2021 and apply the necessary updates.


08/10/2021 04:56 PM EDT

Original release date: August 10, 2021

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. An attacker can exploit this vulnerability to obtain access to sensitive information.

CISA recommends users and administrators review Citrix Security Bulletin CTX322787 and apply the necessary update.


08/03/2021 02:26 PM EDT

Original release date: August 3, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in Swisslog Healthcare Translogic Pneumatic Tube Systems (PTS). An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the ICS Medical Advisory ICSMA-21-215-01 Swisslog Translogic PTS and apply the necessary updates and mitigations.


08/02/2021 04:14 PM EDT

Original release date: August 2, 2021 | Last revised: August 3, 2021

The National Security Agency (NSA) and CISA have released Kubernetes Hardening Guidance, a cybersecurity technical report detailing the complexities of securely managing Kubernetes, an open-source container-orchestration system used to automate deploying, scaling, and managing containerized applications.

This report describes the security challenges associated with setting up and securing a Kubernetes cluster, and presents hardening strategies to help system administrators avoid common misconfigurations.

CISA encourages users and administrators to ensure the security of applications by following the hardening guidance outlined in this report.


07/30/2021 07:02 AM EDT

Original release date: July 30, 2021

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet describes malicious techniques used by cyber actors to target wireless devices and ways to protect against them.

CISA encourages organization leaders, administrators, and users to review NSA’s guidance on Securing Wireless Devices in Public Settings and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting devices and data.


07/30/2021 07:04 AM EDT

Original release date: July 30, 2021

CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can leverage as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis.

This new platform allows agencies to gain greater insights into potential vulnerabilities, which will improve their cybersecurity posture. This approach also means agencies no longer need to develop separate systems to enable vulnerability reporting and triage of identified vulnerabilities, providing government-wide cost savings that CISA estimates at over $10 million.

For more details, see the blog post by CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein.


07/21/2021 06:37 AM EDT

Original release date: July 21, 2021

Apple has released security updates to address vulnerabilities in Safari 14.1.2 and iOS 14.7.

CISA encourages users and administrators to review the Apple security updates page and apply the necessary updates when available.


07/21/2021 06:39 AM EDT

Original release date: July 21, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:


07/21/2021 06:35 AM EDT

Original release date: July 21, 2021

Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


07/21/2021 01:07 PM EDT
Original release date: July 21, 2021

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

CISA encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.


07/22/2021 10:01 AM EDT
Original release date: July 22, 2021

Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates.


07/22/2021 10:00 AM EDT

Original release date: July 22, 2021

Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Drupal security advisory and apply the necessary updates.


07/20/2021 07:12 AM EDT

Original release date: July 20, 2021

Protecting our Nation’s critical infrastructure is the responsibility of federal and state, local, tribal, and territorial (SLTT) governments and owners and operators of that infrastructure. The cybersecurity threats posed to the industrial control systems (ICS) that control and operate critical infrastructure are among the most significant and growing issues confronting our Nation.

To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS:

CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA AA21-201A: Gas Pipeline Intrusion Campaign, 2011-2013. CISA also encourages owners and operators to review AR-17-20045: Enhanced Analysis of Malicious Cyber Activity. These products contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations’ exposure to cyber threats. Note: although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions.

CISA encourages critical infrastructure owners and operators to report cyber incidents to CISA. Note: for information on the U.S. Department of State’s reward program for identifying persons who participate in the malicious cyber activities against U.S. critical infrastructure, see the U.S. Department of State press release.


07/20/2021 06:50 AM EDT

Original release date: July 20, 2021

Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle July 2021 Critical Patch Update and apply the necessary updates.


07/20/2021 06:49 AM EDT

Original release date: July 20, 2021

Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX319135 and apply the necessary updates.


07/14/2021 09:33 AM EDT

Original release date: July 14, 2021 | Last revised: July 19, 2021

Fortinet has released security advisory FG-IR-21-067 to address a use-after-free vulnerability in the FortiManager fgfmsd daemon. A use-after-free condition occurs when a program frees a section of memory but subsequently continues to use it; the result can be a crash or, as in this case, memory corruption that an attacker can steer toward code execution. The use of previously freed memory in the FortiManager fgfmsd daemon may allow a remote, unauthenticated attacker to execute arbitrary code as root by sending a specifically crafted request to the fgfm port of the targeted device.

Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path.

CISA encourages users and administrators to review Fortinet security advisory FG-IR-21-067 and apply the necessary updates.


07/19/2021 07:23 AM EDT

Original release date: July 19, 2021

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:

CISA also encourages users and administrators to review the blog post, Safeguarding Critical Infrastructure against Threats from the People’s Republic of China, by CISA Executive Assistant Director Eric Goldstein and the China Cyber Threat Overview and Advisories webpage.


07/13/2021 11:39 AM EDT

Original release date: July 13, 2021

CISA has created a webpage to provide information and guidance for the recent ransomware attack against Kaseya customers that include managed service providers (MSPs) and customers of those MSPs.

CISA encourages affected organizations to review Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers for more information.


07/15/2021 07:20 AM EDT

Original release date: July 15, 2021

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.

The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.

We look forward to growing the information and resources on StopRansomware.gov and plan to partner with additional Federal Agencies who are working to curb the rise in ransomware.

07/15/2021 02:52 PM EDT

Original release date: July 15, 2021

CISA is aware of threat actors actively targeting a known, previously patched vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. Threat actors can exploit this vulnerability to initiate a targeted ransomware attack.

CISA encourages users and administrators to review the SonicWall security advisory and upgrade to the newest firmware or disconnect EOL appliances as soon as possible. Review the CISA Bad Practices webpage to learn more about bad cybersecurity practices, such as using EOL software, that are especially dangerous for organizations supporting designated Critical Infrastructure or National Critical Functions. 

07/16/2021 06:29 AM EDT

Original release date: July 16, 2021

Google has released Chrome version 91.0.4472.164 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30563—has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Cisco Releases Security Updates
07/16/2021 06:33 AM EDT

Original release date: July 16, 2021

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance Software Release 9.16.1 and Firepower Threat Defense Software Release 7.0.0. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC and apply the necessary updates.

07/08/2021 07:40 AM EDT

Original release date: July 8, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

07/08/2021 12:48 PM EDT

Original release date: July 8, 2021

CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors.

The analysis details a sample attack path a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY20 RVAs. The infographic provides a high-level snapshot of five potential attack paths and breaks out the most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework.

CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques. For information on CISA RVAs and additional services, visit the CISA Cyber Resource Hub.

07/07/2021 06:35 AM EDT

Original release date: July 7, 2021 | Last revised: July 8, 2021

CISA has published a new Malware Analysis Report (MAR) on DarkSide Ransomware and updated Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, originally released May 11, 2021. This update adds indicators of compromise associated with a DarkSide ransomware variant that executes a dynamic-link library used to delete Volume Shadow copies available on the system.

CISA encourages users and administrators to review the following resources for more information:

07/06/2021 07:53 PM EDT

Original release date: July 6, 2021

Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.”

The updates are cumulative and contain all previous fixes as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states updates for these versions are forthcoming. Note: According to CERT/CC, “the Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU #383432 for workarounds for the LPE variant.

CISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds. For additional background, see CISA’s initial Current Activity on PrintNightmare.

07/06/2021 07:14 AM EDT

Original release date: July 6, 2021

CISA has released an Industrial Control Systems (ICS) Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal (officially registered as Vue PACS) products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the ICS medical advisory ICSMA-21-187-01 Philips Vue PACS and to apply the necessary updates or workarounds.

07/02/2021 04:44 PM EDT

Original release date: July 2, 2021

CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shut down VSA servers.

07/01/2021 07:16 AM EDT

Original release date: July 1, 2021

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released Joint Cybersecurity Advisory (CSA): Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments.

The CSA provides details on the campaign, which is being conducted by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The campaign uses a Kubernetes® cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide. After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement.

CISA strongly encourages users and administrators to review the Joint CSA for GTsSS tactics, techniques, and procedures, as well as mitigation strategies.

07/04/2021 12:29 PM EDT

Original release date: July 4, 2021

CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below.

CISA and FBI recommend affected MSPs:

  • Contact Kaseya at support@kaseya.com with the subject “Compromise Detection Tool Request” to obtain and run Kaseya's Compromise Detection Tool available to Kaseya VSA customers. The tool is designed to help MSPs assess the status of their systems and their customers' systems.
  • Enable and enforce multi-factor authentication (MFA) on every single account that is under the control of the organization, and—to the maximum extent possible—enable and enforce MFA for customer-facing services.
  • Implement allowlisting to limit communication with remote monitoring and management (RMM) capabilities to known IP address pairs, and/or
  • Place administrative interfaces of RMM behind a virtual private network (VPN) or a firewall on a dedicated administrative network.

CISA and FBI recommend MSP customers affected by this attack take immediate action to implement the following cybersecurity best practices. Note: these actions are especially important for MSP customers who do not currently have their RMM service running due to the Kaseya attack.

CISA and FBI recommend affected MSP customers:

  • Ensure backups are up to date and stored in an easily retrievable location that is air-gapped from the organizational network;
  • Revert to a manual patch management process that follows vendor remediation guidance, including the installation of new patches as soon as they become available;
  • Implement:
    • Multi-factor authentication; and
    • Principle of least privilege on key network resources admin accounts.

Resources:

CISA and FBI provide these resources for the reader’s awareness. CISA and FBI do not endorse any non-governmental entities nor guarantee the accuracy of the linked resources.

06/29/2021 06:27 AM EDT

Original release date: June 29, 2021

In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions.

While extensive guidance on cybersecurity “best practices” exists, additional perspective is needed. Ending the most egregious risks requires organizations to make a concerted effort to stop bad practices.

CISA encourages cybersecurity leaders and professionals to review EAD Goldstein’s blog post and the new Bad Practices webpage and to monitor the webpage for updates. CISA also encourages all organizations to engage in the necessary actions and critical conversations to address bad practices.

06/30/2021 05:32 PM EDT

Original release date: June 30, 2021

The CERT Coordination Center (CERT/CC) has released a VulNote for a critical remote code execution vulnerability in the Windows Print spooler service, noting: “while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does not address the public exploits that also identify as CVE-2021-1675.” An attacker can exploit this vulnerability—nicknamed PrintNightmare—to take control of an affected system.

CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print. Additionally, administrators should employ the following best practice from Microsoft’s how-to guides, published January 11, 2021: “Due to the possibility for exposure, domain controllers and Active Directory admin systems need to have the Print spooler service disabled. The recommended way to do this is using a Group Policy Object.” 
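
The following PowerShell script is an added example, not part of the CISA or Microsoft guidance: it reports whether the Print Spooler is enabled on a domain controller and, only when run with -Remediate, stops and disables the service, as an ad-hoc complement to the Group Policy Object the guidance recommends. It assumes an elevated PowerShell session on the Windows Server host being checked, and it evaluates only the domain-controller case, not whether a given member server "does not print".

```powershell
# Added example (not from the CISA advisory or Microsoft's how-to guides).
# Audits the Print Spooler on this host and, with -Remediate, disables it on
# a domain controller. The guidance's recommended mechanism is a GPO; this
# script is for checking individual hosts and confirming the GPO took effect.
# Assumes: run in an elevated PowerShell session on a Windows Server host.
param(
    [switch]$Remediate   # without this switch the script only reports
)

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller,
# 5 = primary domain controller; anything else is a member or standalone host.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -in 4, 5

$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if (-not $spooler) {
    Write-Output "Spooler service not present on $env:COMPUTERNAME; nothing to do."
    return
}

# StartMode comes from the service control database: Auto, Manual, Disabled, ...
$startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode

Write-Output ("{0}: DomainController={1} SpoolerStatus={2} StartMode={3}" -f
    $env:COMPUTERNAME, $isDomainController, $spooler.Status, $startMode)

# The condition the guidance calls out: a domain controller whose spooler is
# running now or would start again on reboot. Flag it even in report-only mode.
$exposed = $isDomainController -and
           ($spooler.Status -eq 'Running' -or $startMode -ne 'Disabled')
if ($exposed) {
    Write-Warning "Print Spooler is enabled on domain controller $env:COMPUTERNAME."
}

if ($Remediate -and $exposed) {
    Stop-Service -Name Spooler -Force
    Set-Service -Name Spooler -StartupType Disabled
    # Re-read the state so the confirmation reflects what the host actually has,
    # not what the cmdlets were asked to do.
    $after = Get-Service -Name Spooler
    $afterMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'").StartMode
    Write-Output ("Spooler now Status={0} StartMode={1}" -f $after.Status, $afterMode)
}
```

Run without arguments from a management host against each domain controller to produce a one-line status per host; a Warning in that output identifies the controllers the GPO has not yet reached.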

Chemical Security Quarterly  -  June 2021

CISA's New Chemical Security Associate Director

The Cybersecurity and Infrastructure Security Agency (CISA) has selected Kelly Murray to serve as the new Associate Director for Chemical Security. In this role, Kelly will oversee the Chemical Facility Anti-Terrorism Standards (CFATS) program, proposed Ammonium Nitrate Security Program, and voluntary chemical security initiatives. Kelly has been with CISA’s Chemical Security team since 2008, where she rose through the ranks, having served previously as a Section Chief and Branch Chief, and most recently as the Acting Deputy Associate Director for Chemical Security.

Kelly brings a wealth of knowledge and experience in chemical security to the position. Over the last 13 years, she has been integral not only to developing and implementing the CFATS program, but also to growing the extensive stakeholder relationships across CISA’s critical infrastructure partners.

Prior to joining the Department of Homeland Security, Kelly was a government consultant who worked with the Federal Emergency Management Agency on disaster recovery and reconstitution efforts after Hurricane Katrina. She also worked with the Department of Defense on exercises, mobility and logistics, and war plans.

Kelly earned a bachelor’s degree from Indiana University in mathematics with minors in Information Technology, Economics, and Spanish, and recently graduated from the Federal Executive Institute.

As Kelly assumes the Associate Director role, Todd Klessman will resume his role as the Deputy Associate Director for Chemical Security. If you have any questions, feel free to reach out to CFATS@hq.dhs.gov.

2021 Chemical Security Seminars

CISA's Chemical Security Seminars will take place December 1, 8, and 15 virtually on Microsoft Teams Live. Read more about this year's seminars below.

Transportation Worker Identification Credential Recommendations

CISA shared best practices concerning the use of Transportation Worker Identification Credentials (TWIC®). Read more about the best practices below.

CFATS Information Collection Requests

CISA recently published two notices in the Federal Register requesting approval to continue collection of information pertaining to the CFATS regulation. Read more about the notices below.


2021 Chemical Security Seminars

The Chemical Security Seminars, hosted by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with the Chemical Sector Coordinating Council (SCC), will take place virtually via Microsoft Teams Live on December 1, 8, and 15 from 11:00am-3:00pm ET (8:00am-12:00pm PT). The Chemical Security Seminars are the signature industry event for representatives across the chemical and interconnected sectors—including energy, communications, transportation, and water—to learn, share perspectives, and engage in dialogue on chemical security. Event registration will be available in the weeks ahead.


Transportation Worker Identification Credential (TWIC®) Recommendations

CISA is committed to working with our stakeholders to protect the nation’s highest-risk chemical infrastructure. As part of our ongoing collaboration with the Transportation Security Administration (TSA), CISA shared best practices concerning the use of Transportation Worker Identification Credentials (TWIC®) with high-risk chemical facilities under the CFATS program that use visual verification to fulfill Risk-Based Performance Standard (RBPS) 12(iv) – Screening for Terrorist Ties. While facilities are authorized under the Protecting and Securing Chemical Facilities from Terrorist Attacks Act of 2014 (6 U.S.C. §§ 621-29) to visually verify TWIC® cards to comply with RBPS 12(iv), TSA and CISA strongly recommend electronic inspection of TWIC® cards. CISA is also aware that other facilities that are not currently high-risk under the CFATS program may also visually verify TWIC® cards.

To ensure that TWIC® cards are valid and up to date, TSA and CISA recommend that facilities:

  • Use the TWIC® Advanced Digital Visual Inspection Solution for Revocation (TWIC® ADVISR™) for Android™ and iOS devices. This mobile application is not a TWIC® card reader, but rather a downloadable application that uses the TWIC® Canceled Card List (CCL) to determine if a TWIC® card presented to the user is active or canceled.
  • If not using TWIC® ADVISR™, facilities can visually check that the TWIC® has not been cancelled against the CCL by visiting the Canceled Card Lists webpage and verifying that the Credential Identification Number (CIN) displayed on the back lower-left corner of the TWIC® is NOT listed on the CCL. The CCL list is updated every 24 hours. For more information on the CCL, please visit the TSA TWIC webpage.

CFATS Information Collection Requests

CISA has recently published two notices in the Federal Register requesting approval to continue collection of information pertaining to the CFATS regulation, as well as proposing several minor updates to reflect passage of the Cybersecurity and Infrastructure Security Act of 2018, 6 U.S.C. §§ 651-74, and a clearer description of the scope of each Information Collection Request (ICR). CISA is not proposing changes to the scope of what information is collected in either ICR.

  • On June 29, CISA published a corrective notice in the Federal Register (86 FR 34267) that corrected the instructions on how to submit comments, the length of time the comment period would be open, the number of comments received for the 60-day Federal Register notice, and the phone number for the point of contact to the 30-day notice (86 FR 32953) regarding Information Collection Request (ICR) 1670-0014. The 30-day notice solicited public comment on a revised ICR 1670-0014 that supports several efforts under the CFATS program, such as redeterminations, compliance assistance, and verifying information submitted on Top-Screens (i.e., sale of a facility or removal of COI), among others. The comment period closes on July 29, 2021, which is earlier than the previously published incorrect date of August 23, 2021.
  • On June 23, CISA issued a 60-day notice in the Federal Register (86 FR 32960) soliciting public comments on revised ICR 1670-0029, which supports CISA’s ability to collect information about certain individuals with, or seeking access to, restricted areas or critical assets at high risk chemical facilities for vetting against the Terrorism Screening Database (TSDB).

Visit the CFATS rulemaking webpage to view rules and Federal Register notices regarding CFATS and eCFR.gov to view all final rulemakings. If you have any questions, feel free to email CFATS@hq.dhs.gov.

Cyber Alert: Darkside Ransomware

CISA and the Federal Bureau of Investigation (FBI) released Cyber Alert (AA21-131A) DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks urging critical infrastructure asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in this advisory to help protect them against malicious activity.


New CISA Infrastructure Security Twitter Account

CISA’s Infrastructure Security Division is now on Twitter! Follow our new account at twitter.com/CISAInfraSec. We’ll be posting about new releases, reports, and updates related to infrastructure security.

CFATS Program Statistics

To date, CISA has received over 101,000 Top-Screen submissions from over 42,000 facilities. Of these, CFATS covers 3,298 facilities. Additionally, the program has completed 4,385 Authorization Inspections, 7,424 Compliance Inspections, and 9,246 Compliance Assistance Visits.

View monthly statistics on the CFATS Monthly Statistics webpage.

Practicing Good Cyber Hygiene

When it comes to cyber hygiene at CFATS regulated facilities, CISA wants to ensure facilities are meeting the RBPS standards. Among other things, cyber systems at chemical facilities control sensitive processes, grant authorized access, and enable business operations. Cyber hygiene requires facilities to think proactively about their cybersecurity posture so they are able to resist cyber threats and mitigate online security issues. Good cyber hygiene habits help organizations maintain strong and secure networks and stay safe online. They also enable organizations to make good decisions about their smart devices, whether at home or at work.

In 2020, it was reported that 79% of organizations were hurt by their lack of cyber hygiene preparedness. Here are a few tips to help regulated facilities secure their critical business, physical security, and control systems:

  • Conduct regular cybersecurity awareness training with employees and contractors who work with cyber assets.
  • Implement password management protocols to enforce password structures, change all default passwords (where possible), and implement physical controls for cyber systems where changing default passwords is not technically feasible.
  • Maintain account access control utilizing the least privilege concept, maintain access control lists, and ensure that accounts with access to critical/sensitive data or processes are modified, deleted, or deactivated immediately when the user leaves or no longer requires access.
  • Require multifactor authentication to access critical business systems.
  • Double-check identity when accessing common cloud services.
  • Define allowable remote access, such as use of Virtual Private Networks (VPN) and firewalls as well as rules of behavior for remote access issues.
  • Regularly patch and update software for known vulnerabilities. Microsoft offers Patch Tuesday where they regularly release software patches for their software products.
  • Integrate backup power for all critical cyber systems should an emergency or incident occur.
  • Use network segmentation.
  • Inventory hardware and software on your network.
  • Secure company-issued and employee-owned devices: routers, phones, computers, and printers.

If a cybersecurity incident occurs at your facility, report it to CISA Central at central@cisa.gov.


Reminder: Complete Your Annual Audit

Under 6 C.F.R. § 27.225(e), facilities are required to conduct an annual audit of their approved security plan. The first audit should be completed within 12 months after Site Security Plan (SSP)/Alternative Security Plan (ASP) approval and subsequent audits should be completed annually thereafter. Periodically assessing the security measures in a facility’s security plan is a critical component in maintaining an effective security plan. A facility’s annual audit is a great time to:

  • Ensure the plan continues to meet its goals and is effective
  • Confirm that all the information is up to date
  • Identify any security gaps and corresponding mitigation measures
  • Review the implementation of planned measures
  • Review roles and responsibilities

Additionally, RBPS 18 – Records requires that facilities maintain documentation of the annual audit, including:

  • Date of the audit
  • Results of the audit
  • Name(s) of individuals who conducted the audit
  • Letter (or similar document) certified by the facility with the date that the audit was conducted

Download the RBPS 18 Sample Record (i.e., Record of SSP/ASP Audit) from the RBPS 18 – Records webpage.


06/30/2021 12:45 PM EDT

Original release date: June 30, 2021

CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both information technology (IT) and industrial control system (ICS) networks—enables users to perform a comprehensive evaluation of their cybersecurity posture using many recognized government and industry standards and recommendations.

The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident. CISA has tailored the RRA to varying levels of ransomware threat readiness to make it useful to all organizations regardless of their current cybersecurity maturity. The RRA:

  • Helps organizations evaluate their cybersecurity posture, with respect to ransomware, against recognized standards and best practice recommendations in a systematic, disciplined, and repeatable manner.
  • Guides asset owners and operators through a systematic process to evaluate their operational technology (OT) and information technology (IT) network security practices against the ransomware threat.
  • Provides an analysis dashboard with graphs and tables that present the assessment results in both summary and detailed form.

CISA strongly encourages all organizations to take the CSET Ransomware Readiness Assessment, available at https://github.com/cisagov/cset/.

06/18/2021 07:05 AM EDT

Original release date: June 18, 2021

Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30554—has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

06/15/2021 06:43 AM EDT

Original release date: June 15, 2021

Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.

05/14/2021 10:00 AM EDT

Original release date: May 14, 2021

CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments.

Additionally, CISA has publicly issued Emergency Directive (ED) 21-01 Supplemental Direction Version 4: Mitigate SolarWinds Orion Code Compromise to all federal agencies that have—or had—networks that used affected versions of SolarWinds Orion and have evidence of follow-on threat actor activity.

Although the guidance in AR21-134A and ED 21-01 Supplemental Direction V.4 is tailored to federal agencies, CISA encourages critical infrastructure entities; state, local, territorial, and tribal government organizations; and private sector organizations to review and apply it, as appropriate.

Review the following resources for additional information:

Note: the U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR). Additional information may be found in a statement from the White House and in the three Joint Cybersecurity Advisories summarized in the CISA Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise.

05/19/2021 12:41 PM EDT

Original release date: May 20, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

05/19/2021 05:48 PM EDT

Original release date: May 19, 2021

CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware. These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021.

CISA encourages users and administrators to review AA21-131A for more information.

05/13/2021 05:27 PM EDT

Original release date: May 13, 2021

WordPress versions between 3.7 and 5.7.1 are affected by a security vulnerability. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.7.2.

05/11/2021 07:53 PM EDT

Original release date: May 11, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates. 

05/11/2021 07:43 PM EDT

Original release date: May 11, 2021

Citrix has released security updates to address a vulnerability in Citrix Workspace App for Windows. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX307794 and apply the necessary updates.

05/11/2021 07:49 PM EDT

Original release date: May 11, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s May 2021 Security Update Summary and Deployment Information and apply the necessary updates.  

05/11/2021 07:34 PM EDT

Original release date: May 11, 2021

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Juniper's 2021-05 Out-of-Cycle Security Bulletin and apply the necessary updates.

05/11/2021 01:42 PM EDT

Original release date: May 11, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company. 

Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy. 

Prevention is the most effective defense against ransomware. It is critical to follow best practices to protect against ransomware attacks, which can be devastating to an individual or organization, and from which recovery may be a difficult process. In addition to the Joint CSA, CISA and FBI urge CI asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

05/11/2021 10:27 AM EDT

Original release date: May 11, 2021

Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

 

05/04/2021 11:02 AM EDT

Original release date: May 4, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

05/06/2021 09:04 AM EDT

Original release date: May 6, 2021

CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant known as FiveHands.

CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands Ransomware to provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs).  These reports also provide CISA’s recommended mitigations for strengthening networks to protect against, detect, and respond to potential FiveHands ransomware attacks.

CISA encourages organizations to review AR21-126A and MAR-10324784.r1.v1 for more information.

05/06/2021 09:55 AM EDT

Original release date: May 6, 2021

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 88.0.1 and apply the necessary updates.

05/06/2021 09:53 AM EDT

Original release date: May 6, 2021

VMware has released a security update to address a vulnerability in VMware vRealize Business for Cloud. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0007 and apply the necessary update.

05/06/2021 04:04 PM EDT

Original release date: May 6, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco SD-WAN vManage Software Vulnerabilities cisco-sa-sd-wan-vmanage-4TbynnhZ
• Cisco HyperFlex HX Command Injection Vulnerabilities cisco-sa-hyperflex-rce-TjjNrkpR
• Cisco SD-WAN Software vDaemon Denial of Service Vulnerability cisco-sa-sdwan-dos-Ckn5cVqW
• Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities cisco-sa-sdwan-buffover-MWGucjtO
• Cisco SD-WAN vManage Software Authentication Bypass Vulnerability cisco-sa-sdw-auth-bypass-65aYqcS2
• Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities cisco-sa-sb-wap-multi-ZAfKGXhF
• Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability cisco-sa-nfvis-cmdinj-DkFjqg2j
• Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities cisco-sa-imp-inj-ereCOKjR
• Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities cisco-sa-anyconnect-code-exec-jR3tWTA6

05/07/2021 11:46 AM EDT

Original release date: May 7, 2021

Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Exim 4.94.2 update page and apply the necessary update. CISA also encourages users and administrators to review Center for Internet Security Advisory 2021-064 for more information.  

05/03/2021 12:19 PM EDT

Original release date: May 3, 2021

Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20 and added detection information on April 30.  

CISA strongly encourages customers using Ivanti Pulse Connect Secure appliances to review the blog post and apply the necessary updates. For additional information, CISA recommends reviewing the following resources and tools.

04/30/2021 10:07 AM EDT

Original release date: April 30, 2021

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, originally released April 20. This update adds a new Detection section providing information on Impossible Travel and Transport Layer Security (TLS) Fingerprinting that may be useful in identifying malicious activity.

CISA encourages users and administrators to review the following resources for more information:

04/20/2021 01:22 PM EDT

Original release date: April 20, 2021

Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle April 2021 Critical Patch Update and apply the necessary updates.

04/20/2021 09:59 AM EDT

Original release date: April 20, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10, and apply the necessary updates.

04/20/2021 10:00 AM EDT

Original release date: April 20, 2021

VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.

04/02/2021 09:35 AM EDT

Original release date: April 2, 2021

The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access to multiple government, commercial, and technology services. Gaining initial access pre-positions the APT actors to conduct future attacks.

CISA encourages users and administrators to review Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks and implement the recommended mitigations.

03/26/2021 04:40 PM EDT

Original release date: March 26, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. 

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. 

• watchOS 7.3.3
• iOS 12.5.2
• iOS 14.4.2 and iPadOS 14.4.2

03/15/2021 11:31 AM EDT

Original release date: March 15, 2021

Google has released Chrome version 89.0.4389.90 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

03/13/2021 11:07 AM EST

Original release date: March 13, 2021

CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successfully exploiting a Microsoft Exchange Server vulnerability for initial access, a malicious cyber actor can upload a webshell to enable remote administration of the affected system.

In addition to the MARs, CISA added information on ransomware activity associated with exploitation of the Exchange Server products, including DearCry ransomware.

CISA encourages users and administrators to review the following resources for more information.

03/08/2021 07:31 PM EST

Original release date: March 8, 2021

CISA has published a Remediating Microsoft Exchange Vulnerabilities web page that strongly urges all organizations to immediately address the recent Microsoft Exchange Server product vulnerabilities. As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises that organizations follow the guidance laid out in the web page. The guidance provides specific steps for both leaders and IT security staff and is applicable to organizations of all sizes across all sectors.

03/09/2021 09:54 AM EST

Original release date: March 9, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

03/09/2021 02:15 PM EST

Original release date: March 9, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

03/09/2021 05:38 PM EST

Original release date: March 9, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the SAP Security Notes for March 2021 and apply the necessary updates. 

03/09/2021 09:48 AM EST

Original release date: March 9, 2021

Since December 2020, CISA has been responding to a significant cybersecurity incident involving an advanced persistent threat (APT) actor targeting networks of multiple U.S. government agencies, critical infrastructure entities, and private sector organizations. The APT actor added malicious code to multiple versions of the SolarWinds Orion platform and leveraged it—as well as other techniques, including—for initial access to enterprise networks. After gaining persistent, invasive access to select organizations’ enterprise networks, the APT actor targeted their federated identity solutions and their Active Directory/M365 environments. CISA has published two new resources on the follow-on activity from this compromise:

CISA encourages affected organizations to review and apply the necessary guidance in the Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise web page and CISA Insights. For general information on CISA’s response to SolarWinds Orion compromise activity, refer to www.cisa.gov/supply-chain-compromise.

 

03/10/2021 09:31 AM EST

Original release date: March 10, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s March 2021 Security Update Summary and Deployment Information and apply the necessary updates.

03/10/2021 01:51 PM EST

Original release date: March 10, 2021

F5 has released a security advisory to address remote code execution (RCE) vulnerabilities—CVE-2021-22986, CVE-2021-22987—impacting BIG-IP and BIG-IQ devices. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the F5 advisory and install updated software as soon as possible.

03/10/2021 02:51 PM EST

Original release date: March 10, 2021

CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.

The CSA places the malicious cyber actor activity observed in the current Microsoft Exchange Server compromise into the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework.

CISA recommends that organizations review Joint CSA: AA-21-069 Compromise of Microsoft Exchange Server as well as the CISA Remediating Microsoft Exchange Vulnerabilities web page for guidance on detecting, protecting against, and remediating this malicious activity.

 

02/18/2021 10:29 AM EST

Original release date: February 18, 2021

Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Cisco Security Advisory cisco-sa-anyconnect-dll-hijac-JrcTOQMC and apply the necessary updates.

02/03/2021 08:10 AM EST

Original release date: February 3, 2021

Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

02/02/2021 11:00 AM EST

Original release date: February 2, 2021 | Last revised: February 3, 2021

CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on Sunday, January 31, 2021. This vulnerability impacts only SMA 100 series devices with firmware version 10.x, and SonicWall has released a patch that should be applied immediately to avoid potential exploitation.  

CISA encourages users and administrators to review the SonicWall security advisory and apply the necessary update as soon as possible. CISA also encourages users and administrators to monitor the SonicWall advisory for updates as new information becomes available.

As a risk-reduction measure, CISA recommends organizations implement multi-factor authentication on all virtual private network connections.  

02/04/2021 07:29 AM EST

Original release date: February 4, 2021

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

02/05/2021 09:01 AM EST

Original release date: February 5, 2021

The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts from more than 15 government agencies to increase awareness of the ransomware threats to police and fire departments; state, local, tribal, and territorial governments; and critical infrastructure entities.

To reduce the risk of public and private sector organizations falling victim to common infection vectors like those outlined in the NCIJTF factsheet, CISA launched the Reduce the Risk of Ransomware Campaign in January to provide informational resources to support organizations’ cybersecurity and data protection posture against ransomware.

CISA encourages users and administrators to review the NCIJTF Ransomware Factsheet and CISA’s Ransomware webpage for additional resources to combat ransomware attacks.

02/05/2021 09:36 AM EST

Original release date: February 5, 2021

Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

02/02/2021 11:00 AM EST

Original release date: February 2, 2021

CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on Sunday, January 31, 2021. This vulnerability impacts only SMA 100 series devices with firmware version 10.x, and SonicWall is working on a patch that is expected to be released by end of day Tuesday, February 2, 2021.  

Earlier reports about other zero-day vulnerabilities remain unconfirmed and are still under investigation.

CISA encourages users and administrators to review the SonicWall security advisory and apply the necessary mitigations and patches when they become available. CISA also encourages users and administrators to monitor the SonicWall advisory for updates as new information becomes available.

As a risk-reduction measure, CISA recommends organizations implement multi-factor authentication on all virtual private network connections.  

02/02/2021 07:31 AM EST

Original release date: February 2, 2021

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security update and apply the necessary updates.

02/02/2021 07:30 AM EST

Original release date: February 2, 2021

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.

01/12/2021 10:04 AM EST

Original release date: January 12, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for January 2021 and apply the necessary updates.

01/12/2021 10:22 AM EST

Original release date: January 12, 2021

The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Warp Speed, and the Department of Defense’s pandemic-influenced transition to telework.

For further details on those and other accomplishments, CISA encourages users and administrators to read the NSA Cybersecurity 2020 Year in Review.

01/12/2021 10:07 AM EST

Original release date: January 12, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

01/12/2021 10:15 AM EST

Original release date: January 12, 2021

Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 78.6.1 and apply the necessary update.

01/12/2021 03:35 PM EST

Original release date: January 12, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s January 2021 Security Update Summary and Deployment Information and apply the necessary updates.

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

Original release date: January 13, 2021

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices.

In response, CISA has released Analysis Report AR21-013A: Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services which provides technical details and indicators of compromise to help detect and respond to potential attacks.

CISA encourages users and administrators to review AR21-013A and apply the recommendations to strengthen cloud environment configurations.

01/14/2021 08:25 AM EST

Original release date: January 14, 2021

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

01/14/2021 08:23 AM EST

Original release date: January 14, 2021

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.


01/14/2021 08:30 AM EST

Original release date: January 14, 2021

Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1647 and apply the necessary updates. 


01/15/2021 10:43 AM EST

Original release date: January 15, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.   

CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.  


01/15/2021 04:00 PM EST

Original release date: January 15, 2021

The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.

CISA encourages enterprise owners and administrators to review the NSA Info Sheet: Adopting Encrypted DNS in Enterprise Environments and consider implementing the recommendations to enhance DNS security.
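The following Python is an added illustration and not part of the CISA or NSA text. It builds and decodes the DNS-over-HTTPS GET form (RFC 8484 wire format carried in the base64url "dns" parameter) and classifies proxy log lines so that DoH to anything other than the enterprise resolver can be spotted, which is the control the NSA sheet recommends. The resolver names, the allow list and the log lines are constructed.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Added example, not from the CISA/NSA text. Builds and decodes the DNS-over-HTTPS
# (RFC 8484) GET form, and classifies constructed proxy log lines so that DoH to
# anything but the enterprise resolver can be spotted. Hostnames are invented.

QTYPES = {1: "A", 28: "AAAA", 5: "CNAME", 15: "MX", 16: "TXT"}

def build_dns_query(qname, qtype=1):
    """Minimal DNS wire-format query: 12-byte header plus one question.
    ID is 0 and RD is set, as RFC 8484 recommends for cache-friendly DoH."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS IN

def doh_get_url(resolver, qname, qtype=1):
    """DoH GET form: the wire query, base64url-encoded with padding removed."""
    b64 = base64.urlsafe_b64encode(build_dns_query(qname, qtype)).rstrip(b"=")
    return f"https://{resolver}/dns-query?dns={b64.decode('ascii')}"

def parse_dns_question(wire):
    """Return (qname, qtype) from the first question of a DNS wire message."""
    if len(wire) < 12 or struct.unpack("!H", wire[4:6])[0] < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        length = wire[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a query name
            raise ValueError("unexpected compression pointer")
        labels.append(wire[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), struct.unpack("!H", wire[pos:pos + 2])[0]

def doh_from_url(url):
    """Decode the 'dns' parameter of a DoH GET URL; None if there is none."""
    params = parse_qs(urlsplit(url).query)
    if "dns" not in params:
        return None
    b64 = params["dns"][0]
    b64 += "=" * (-len(b64) % 4)  # restore the padding RFC 8484 strips
    return parse_dns_question(base64.urlsafe_b64decode(b64))

def classify_proxy_line(line):
    """Classify a constructed proxy log line 'METHOD URL CONTENT-TYPE'.
    Returns (kind, host, 'qname/qtype' or None)."""
    method, url, ctype = line.split(" ", 2)
    host = urlsplit(url).hostname
    if ctype.strip() == "application/dns-message":   # POST form (or a response)
        return "doh-post", host, None
    decoded = None
    if method == "GET":
        try:
            decoded = doh_from_url(url)
        except (ValueError, IndexError):   # malformed 'dns' parameter: not DoH
            decoded = None
    if decoded:
        qname, qtype = decoded
        return "doh-get", host, f"{qname}/{QTYPES.get(qtype, qtype)}"
    return "other", host, None

def unauthorized_doh(line, allowed_resolvers):
    """True when the line is DoH to a resolver outside the enterprise allow list."""
    kind, host, _ = classify_proxy_line(line)
    return kind.startswith("doh") and host not in allowed_resolvers
```

A TLS-inspecting proxy sees the path, query string and Content-Type; without inspection, the only signal left is the destination hostname, which is why the NSA sheet pairs enterprise DoH with blocking known public resolvers.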


01/21/2021 07:13 AM EST

Original release date: January 21, 2021

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and vendors of IoT and embedded devices that use Dnsmasq to review CERT/CC VU#434904 and CISA ICSA-21-019-01 for more information and to apply the necessary update. Refer to vendors for appropriate patches, when available.


01/21/2021 07:15 AM EST

Original release date: January 21, 2021

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations.


01/21/2021 07:10 AM EST

Original release date: January 21, 2021

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.


01/21/2021 07:16 AM EST

Original release date: January 21, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:


01/21/2021 07:12 AM EST

Original release date: January 21, 2021

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

 


01/26/2021 05:17 PM EST

Original release date: January 26, 2021

The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require such information and scammers can use this information to steal consumers’ money and identities.

CISA encourages consumers to review the FTC blog post and CISA’s Security Tips on Avoiding Social Engineering and Phishing Attacks and Preventing and Responding to Identity Theft.


01/27/2021 08:53 AM EST

Original release date: January 27, 2021

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users to review the Apple security pages for the following products and apply the necessary updates.


01/27/2021 09:06 AM EST

Original release date: January 27, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85, Firefox ESR 78.7, and Thunderbird 78.7 and apply the necessary updates.


01/27/2021 07:43 AM EST

Original release date: January 27, 2021

CISA has released a malware analysis report on Supernova malware affecting unpatched SolarWinds Orion software. The report contains indicators of compromise (IOCs) and analyzes several malicious artifacts. Supernova is not part of the SolarWinds supply chain attack described in Alert AA20-352A.

CISA encourages users and administrators to review Malware Analysis Report MAR-10319053-1.v1 and the SolarWinds advisory for more information on Supernova.


01/11/2021 01:16 PM EST
Original release date: January 11, 2021

Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the latest entry for Microsoft Security Advisory ADV200002 and apply the necessary updates. 


01/07/2021 11:13 AM EST

Original release date: January 7, 2021

Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.


01/07/2021 11:17 AM EST

Original release date: January 7, 2021

Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla Security Advisory and apply the necessary updates.


01/08/2021 10:09 AM EST

Original release date: January 8, 2021

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the MS-ISAC Advisory 2021-001 and Zyxel Security Advisory for CVE-2020-29583 and apply the necessary updates and mitigation recommendations.


01/08/2021 01:13 PM EST

Original release date: January 8, 2021

CISA has evidence of post-compromise advanced persistent threat (APT) activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in a victim’s Microsoft 365 (M365)/Azure environment and using additional credentials and Application Programming Interface (API) access to cloud resources of private and public sector organizations. This activity is in addition to what has been previously detailed in AA20-352A.

In response, CISA has released AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments to describe this malicious APT activity and offer guidance on three open-source tools—including a CISA-developed tool, Sparrow, released on December 24. Network defenders can use these tools to help detect and remediate malicious APT actor activity as part of the ongoing supply chain compromise.

CISA strongly encourages users and administrators to review the Activity Alert for additional information and detection countermeasures.


01/05/2021 05:18 PM EST

Original release date: January 5, 2021

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations.

CISA encourages administrators and users to review NSA's CSI sheet on Eliminating Obsolete TLS Protocol Configurations for more information.
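The Python below is an added example, not content from the NSA sheet. It classifies OpenSSL-style cipher suite names against the obsolete components the guidance calls out (protocol versions below TLS 1.2, static RSA or ECDH key exchange without forward secrecy, NULL, export-grade, RC4, DES and 3DES encryption, MD5 or SHA-1 integrity), then shows a permissive SSLContext beside a hardened one and audits what each would actually offer, using only the standard ssl module. The cipher strings are illustrative; DHE group size is not visible in a suite name and has to be checked separately (2048 bits or more).

```python
import ssl

# Added example; not from the NSA sheet. Classifies cipher suite names by the
# obsolete components NSA lists, and audits SSLContext objects offline.

EPHEMERAL_KX = ("ECDHE", "DHE", "EDH")
WEAK_TOKENS = {
    "NULL": "no encryption", "EXP": "export-grade", "EXPORT": "export-grade",
    "RC4": "RC4", "RC2": "RC2", "DES": "DES/3DES", "IDEA": "IDEA", "SEED": "SEED",
    "MD5": "MD5 integrity", "ADH": "anonymous DH", "AECDH": "anonymous ECDH",
}

def obsolete_reasons(name):
    """Why a suite is obsolete; an empty list means acceptable by name alone.
    CBC suites with SHA-256 pass this check, but AEAD suites are the goal."""
    up = name.upper()
    if up.startswith("TLS_"):               # TLS 1.3 suites: AEAD, ephemeral keys only
        return []
    parts = up.split("-")
    reasons = []
    if parts[0] not in EPHEMERAL_KX:        # static RSA/ECDH key exchange, no forward secrecy
        reasons.append("static key exchange (no forward secrecy)")
    reasons += sorted({WEAK_TOKENS[p] for p in parts if p in WEAK_TOKENS})
    if parts[-1] == "SHA":                  # bare "SHA" suffix means HMAC-SHA1 with CBC
        reasons.append("SHA-1 integrity / CBC")
    return reasons

def permissive_context():
    """Typical legacy setting: TLS 1.0 permitted and OpenSSL's DEFAULT cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    except ValueError:
        pass  # this build refuses TLS 1.0 outright, which is the desired end state
    ctx.set_ciphers("DEFAULT")
    return ctx

def hardened_context():
    """TLS 1.2 or later, ephemeral key exchange, AEAD ciphers only (TLS 1.3 suites stay on)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!eNULL:!PSK")
    return ctx

def audit_context(ctx):
    """[(item, reasons)] for every obsolete protocol floor or suite the context offers."""
    flagged = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        flagged.append(("protocol", [f"minimum version {ctx.minimum_version.name} below TLSv1_2"]))
    for c in ctx.get_ciphers():
        reasons = obsolete_reasons(c["name"])
        if reasons:
            flagged.append((c["name"], reasons))
    return flagged
```

Run audit_context on the context a service actually uses (or on the output of a cipher list pulled from a server's configuration) rather than on a hand-typed list, since what OpenSSL expands "DEFAULT" to varies by version and security level.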


01/06/2021 01:20 PM EST

Original release date: January 6, 2021

CISA has released Emergency Directive (ED) 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2.

  • Federal agencies without evidence of adversary follow-on activity on their networks that accept the risk of running SolarWinds Orion in their enterprises should rebuild or upgrade, in compliance with hardening steps outlined in the Supplemental Guidance, to at least SolarWinds Orion Platform version 2020.2.1 HF2. The National Security Agency (NSA) examined this version and verified it eliminates the previously identified malicious code. This version also includes updates to fix unrelated vulnerabilities, including vulnerabilities that SolarWinds has publicly disclosed.
  • Federal agencies with evidence of follow-on threat actor activity on their networks should keep their affected versions disconnected, conduct forensic analysis, and consult with CISA before rebuilding or reimaging affected platforms and host operating systems.

The updated supplemental guidance also includes forensic analysis and reporting requirements.

CISA has also updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17, 2020. This update includes new information on initial access vectors, updated mitigation recommendations, and new indicators of compromise (IOCs).

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review CISA Emergency Directive 21-01 - Supplemental Guidance v.3 for recommendations on operating the SolarWinds Orion Platform. Review the following resources for additional information on the SolarWinds Orion compromise.


12/24/2020 07:19 PM EST

Original release date: December 24, 2020

CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.

CISA strongly encourages users and administrators to visit the following GitHub page for additional information and detection countermeasures.


12/23/2020 12:55 PM EST

Original release date: December 23, 2020

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk.

In response to this threat, CISA has issued CISA Insights: What Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA Insights provides information to leaders on the known risk to organizations and actions that they can take to prioritize measures to identify and address these threats.

CISA has also created a new Supply Chain Compromise webpage to consolidate the many resources—including Emergency Directive (ED) 21-01 and Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations—that we have released on this compromise. CISA will update the webpage to include partner resources that are of value to the cyber community.

To read the latest CISA Insights, visit CISA.gov/insights. For more information on the SolarWinds Orion software compromise, visit CISA.gov/supply-chain-compromise.


12/16/2020 01:42 PM EST
Original release date: December 16, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 84, Firefox ESR 78.6, and Thunderbird 78.6 and apply the necessary updates.  


12/17/2020 09:54 PM EST
Original release date: December 17, 2020

The National Security Agency (NSA) has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and detecting such activity.

CISA encourages users and administrators to review the NSA cybersecurity advisory and CISA Activity Alert AA20-352A and take the appropriate mitigation actions.


12/19/2020 02:29 PM EST
Original release date: December 19, 2020

CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.

In addition, CISA has released supplemental guidance to Emergency Directive (ED) 21-01, providing new information on affected versions, new guidance for agencies using third-party service providers, and additional clarity on required actions.

CISA encourages users and administrators to review the following resources for additional information on the SolarWinds Orion compromise.


12/15/2020 11:54 AM EST

Original release date: December 15, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


Active Exploitation of SolarWinds Software

12/13/2020 10:23 PM EST

Original release date: December 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.

CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures:


12/11/2020 11:04 AM EST

Original release date: December 11, 2020

Cisco has released security updates to address vulnerabilities in Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-jabber-ZktzjpgO and apply the necessary updates.


Alert (AA20-345A)

Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

Original release date: December 10, 2020

Summary

This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.

Technical Details

As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors.

Ransomware

The FBI, CISA, and MS-ISAC have received numerous reports of ransomware attacks against K-12 educational institutions. In these attacks, malicious cyber actors target school computer systems, slowing access, and—in some instances—rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen—and threatened to leak—confidential student data to the public unless institutions pay a ransom.

According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July.

The five most common ransomware variants identified in incidents targeting K-12 schools between January and September 2020—based on open source information as well as victim and third-party incident reports made to MS-ISAC—are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil.

Malware

Figure 1 identifies the top 10 malware strains that have affected state, local, tribal, and territorial (SLTT) educational institutions over the past year (up to and including September 2020). Note: These malware variants are purely opportunistic as they not only affect educational institutions but other organizations as well.

ZeuS and Shlayer are among the most prevalent malware affecting K-12 schools.

  • ZeuS is a Trojan with several variants that targets Microsoft Windows operating systems. Cyber actors use ZeuS to infect target machines and send stolen information to command-and-control servers.
  • Shlayer is a Trojan downloader and dropper for MacOS malware. It is primarily distributed through malicious websites, hijacked domains, and malicious advertising posing as a fake Adobe Flash updater. Note: Shlayer is the only malware of the top 10 that targets MacOS; the other 9 affect Microsoft Windows operating systems.

Figure 1: Top 10 malware affecting SLTT educational institutions

 
Distributed Denial-of-Service Attacks

Cyber actors are causing disruptions to K-12 educational institutions—including third-party services supporting distance learning—with distributed denial-of-service (DDoS) attacks, which temporarily limit or prevent users from conducting daily operations. The availability of DDoS-for-hire services provides opportunities for any motivated malicious cyber actor to conduct disruptive attacks regardless of experience level. Note: DDoS attacks overwhelm servers with a high level of internet traffic originating from many different sources, making it impossible to mitigate at a single source.

Video Conference Disruptions

Numerous reports received by the FBI, CISA, and MS-ISAC since March 2020 indicate uninvited users have disrupted live video-conferenced classroom sessions. These disruptions have included verbally harassing students and teachers, displaying pornography and/or violent images, and doxing meeting attendees (Note: doxing is the act of compiling or publishing personal information about an individual on the internet, typically with malicious intent). To enter classroom sessions, uninvited users have been observed:

  • Using student names to trick hosts into accepting them into class sessions, and
  • Accessing meetings from either publicly available links or links shared with outside users (e.g., students sharing links and/or passwords with friends).

Video conference sessions without proper control measures risk disruption or compromise of classroom conversations and exposure of sensitive information.

Additional Risks and Vulnerabilities

In addition to the recent reporting of distance learning disruptions received by the FBI, CISA, and MS-ISAC, malicious cyber actors are expected to continue seeking opportunities to exploit the evolving remote learning environment.

Social Engineering

Cyber actors could apply social engineering methods against students, parents, faculty, IT personnel, or other individuals involved in distance learning. Tactics, such as phishing, trick victims into revealing personal information (e.g., password or bank account information) or performing a task (e.g., clicking on a link). In such scenarios, a victim could receive what appears to be legitimate email that:

  • Requests personally identifiable information (PII) (e.g., full name, birthdate, student ID),
  • Directs the user to confirm a password or personal identification number (PIN),
  • Instructs the recipient to visit a website that is compromised by the cyber actor, or
  • Contains an attachment with malware.

Cyber actors also register web domains that are similar to legitimate websites in an attempt to capture individuals who mistype URLs or click on similar looking URLs. These types of attacks are referred to as domain spoofing or homograph attacks. For example, a user wanting to access www.cottoncandyschool.edu could mistakenly click on www.cottencandyschool.edu (changed “o” to an “e”) or www.cottoncandyschoo1.edu (changed letter “l” to a number “1”) (Note: this is a fictitious example to demonstrate how a user can mistakenly click and access a website without noticing subtle changes in website URLs). Victims believe they are on a legitimate website when, in reality, they are visiting a site controlled by a cyber actor.
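The Python below is an added example and not part of the advisory. It screens a hostname against an allow list of legitimate school domains for the two tricks described above: typo and confusable substitutions (o for e, 1 for l, rn for m, Cyrillic letters that render like Latin ones) and internationalised (xn--) labels that decode to non-Latin or mixed-script text. The allow list, threshold and hostnames are constructed, and the "registrable domain" helper simply takes the last two labels, which is enough for the .edu examples here but should be replaced by a Public Suffix List lookup in real use.

```python
import unicodedata
from difflib import SequenceMatcher

# Added example, not from the advisory. Flags look-alike and IDN homograph
# hostnames against a constructed allow list of legitimate domains.

# Visually confusable substitutions, longest keys applied first.
CONFUSABLES = {
    "rn": "m", "0": "o", "1": "l", "|": "l", "5": "s", "3": "e",
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y", "і": "i",  # Cyrillic
}

def skeleton(label):
    """Normalise a name so visually similar spellings collapse together."""
    s = label.lower()
    for k in sorted(CONFUSABLES, key=len, reverse=True):
        s = s.replace(k, CONFUSABLES[k])
    return s

def registrable(host):
    """Crude: last two labels (real code should consult the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def decode_idn(host):
    """Decode punycode (xn--) labels; return (unicode host, had_idn)."""
    labels, had_idn = [], False
    for lab in host.split("."):
        if lab.lower().startswith("xn--"):
            had_idn = True
            labels.append(lab.encode("ascii").decode("idna"))
        else:
            labels.append(lab)
    return ".".join(labels), had_idn

def scripts_in(label):
    """Set of Unicode script prefixes ('LATIN', 'CYRILLIC', ...) among the letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def screen_hostname(host, allowlist, threshold=0.8):
    """Return (verdict, matched_domain). Verdicts: allowed, mixed-script,
    lookalike (skeleton match or similarity >= threshold), idn, unknown."""
    decoded, had_idn = decode_idn(host)
    reg = registrable(decoded)
    allowed = {registrable(a) for a in allowlist}
    if reg in allowed:
        return "allowed", reg
    for label in decoded.split("."):
        if len(scripts_in(label)) > 1:           # e.g. Latin with one Cyrillic letter
            return "mixed-script", None
    for good in allowed:
        sk, sg = skeleton(reg), skeleton(good)
        if sk == sg or SequenceMatcher(None, sk, sg).ratio() >= threshold:
            return "lookalike", good
    if had_idn:
        return "idn", None
    return "unknown", None
```

Feed this with proxy or mail-gateway logs and the institution's own domains; anything returning lookalike, mixed-script or idn is worth a block or at least a warning page.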

Technology Vulnerabilities and Student Data

Whether as collateral for ransomware attacks or to sell on the dark web, cyber actors may seek to exploit the data-rich environment of student information in schools and education technology (edtech) services. The need for schools to rapidly transition to distance learning likely contributed to cybersecurity gaps, leaving schools vulnerable to attack. In addition, educational institutions that have outsourced their distance learning tools may have lost visibility into data security measures. Cyber actors could view the increased reliance on—and sharp usership growth in—these distance learning services and student data as lucrative targets.

Open/Exposed Ports

The FBI, CISA, and MS-ISAC frequently see malicious cyber actors exploiting exposed Remote Desktop Protocol (RDP) services to gain initial access to a network and, often, to manually deploy ransomware. For example, cyber actors will attack ports 445 (Server Message Block [SMB]) and 3389 (RDP) to gain network access. They are then positioned to move laterally throughout a network (often using SMB), escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware. This popular attack vector allows cyber actors to maintain a low profile, as they are using a legitimate network service that provides them with the same functionality as any other remote user.

End-of-Life Software

End-of-Life (EOL) software is regularly exploited by cyber actors—often to gain initial access, deface websites, or further their reach in a network. Once a product reaches EOL, customers no longer receive security updates, technical support, or bug fixes. Unpatched and vulnerable servers are likely to be exploited by cyber actors, hindering an organization’s operational capacity.

Mitigations

Plans and Policies

The FBI and CISA encourage educational providers to maintain business continuity plans—the practice of executing essential functions through emergencies (e.g., cyberattacks)—to minimize service interruptions. Without planning, provision, and implementation of continuity principles, institutions may be unable to continue teaching and administrative operations. Evaluating continuity and capability will help identify potential operational gaps. Through identifying and addressing these gaps, institutions can establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies. The FBI and CISA suggest K-12 educational institutions review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by cyber actors.

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version on institution-owned assets, so that problems do not arise that local users cannot fix because local administration is disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Audit logs to ensure new accounts are legitimate.
  • Scan for open or listening ports and remediate (close or restrict) those that are not needed.
  • Identify critical assets such as student database servers and distance learning infrastructure; create backups of these systems and house the backups offline from the network.
  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
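The audit items above (monitoring remote access/RDP logs, auditing accounts with administrative privileges, and checking that new accounts are legitimate) can be turned into a repeatable review. The script below is an added example, not part of the FBI/CISA advisory: it runs those three checks over a constructed set of Windows Security log records. The event IDs 4720, 4732 and 4624 are the real Windows identifiers; the records themselves, the campus address range 10.20.0.0/16, the approved-provisioner list and the privileged-group names are assumptions chosen for illustration.

```python
"""Audit constructed Windows Security log events for the three review points
above: new accounts, additions to privileged groups, and RDP logons from
outside the campus network.  Added example (not CISA code)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Windows Security event IDs (real values):
#   4720 = user account created
#   4732 = member added to a security-enabled local group
#   4624 = successful logon; LogonType 10 = RemoteInteractive (RDP)
NEW_ACCOUNT, GROUP_ADD, LOGON = 4720, 4732, 4624
RDP_LOGON_TYPE = 10

# Constructed sample events (not real log data). They mimic a minimal
# export of the Security log; real records carry many more fields.
SAMPLE_EVENTS = [
    {"id": 4720, "time": "2020-12-01T02:14:00", "subject": "svc-backup", "target": "tmpadmin"},
    {"id": 4732, "time": "2020-12-01T02:15:10", "subject": "svc-backup", "target": "tmpadmin", "group": "Administrators"},
    {"id": 4624, "time": "2020-12-01T02:20:33", "target": "tmpadmin", "logon_type": 10, "src_ip": "203.0.113.45"},
    {"id": 4624, "time": "2020-12-01T09:05:12", "target": "jdoe", "logon_type": 10, "src_ip": "10.20.5.17"},
    {"id": 4720, "time": "2020-12-01T10:00:00", "subject": "helpdesk1", "target": "newteacher"},
    {"id": 4624, "time": "2020-12-01T10:30:00", "target": "newteacher", "logon_type": 2, "src_ip": "10.20.6.8"},
]

# Assumed local policy: who may provision accounts, which address ranges are
# the campus, and which groups count as privileged.
APPROVED_PROVISIONERS = {"helpdesk1"}
CAMPUS_NETS = [ipaddress.ip_network("10.20.0.0/16")]
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}


@dataclass(frozen=True)
class Finding:
    time: str
    rule: str
    detail: str


def is_campus(ip: str) -> bool:
    """True if the address falls inside one of the campus ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CAMPUS_NETS)


def audit(events: list[dict]) -> list[Finding]:
    """Walk events in time order and return the findings a reviewer should look at."""
    findings: list[Finding] = []
    created_here: set[str] = set()  # accounts created within this batch of events
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] == NEW_ACCOUNT:
            created_here.add(e["target"])
            if e["subject"] not in APPROVED_PROVISIONERS:
                findings.append(Finding(e["time"], "unapproved-account-creation",
                                        f"{e['subject']} created {e['target']}"))
        elif e["id"] == GROUP_ADD and e.get("group") in PRIVILEGED_GROUPS:
            findings.append(Finding(e["time"], "privileged-group-addition",
                                    f"{e['target']} added to {e['group']} by {e['subject']}"))
        elif e["id"] == LOGON and e.get("logon_type") == RDP_LOGON_TYPE and not is_campus(e["src_ip"]):
            # An external RDP logon by an account created in the same batch is the
            # strongest signal here, so the rule name says so.
            rule = "new-account-external-rdp" if e["target"] in created_here else "external-rdp-logon"
            findings.append(Finding(e["time"], rule, f"{e['target']} via RDP from {e['src_ip']}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_EVENTS):
        print(f"{f.time} [{f.rule}] {f.detail}")
```

Run against the constructed events, the review flags the account created by a service account, its addition to Administrators, and the RDP logon from an off-campus address; the help-desk-provisioned account and the on-campus RDP session produce nothing. Feeding a real export means replacing the sample list with records parsed from the Security log and adjusting the policy sets.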

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and students aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.
  • Monitor privacy settings and information available on social networking sites.

Ransomware Best Practices

The FBI and CISA do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. However, regardless of whether your organization decided to pay the ransom, the FBI urges you to report ransomware incidents to your local FBI field office. Doing so provides the FBI with the critical information they need to prevent future attacks by identifying and tracking ransomware attackers and holding them accountable under U.S. law.

In addition to implementing the above network best practices, the FBI and CISA also recommend the following:

  • Regularly back up data; air-gap and password-protect backup copies and keep them offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
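An offline copy is only useful if it can be proven intact before it is needed. The script below is an added example, not part of the FBI/CISA advisory, showing one way to do that with the Python standard library: it packs a directory into an archive, stores a SHA-256 manifest beside it, and verifies a restored copy file by file. Password protection or encryption of the archive is left to the backup tool; the directory contents, file names and the tampering step are constructed for the demonstration.

```python
"""Create an offline backup archive with a SHA-256 manifest and verify a
restored copy against it.  Added example, not CISA code; standard library only."""
from __future__ import annotations

import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return archive.with_name(archive.name + ".manifest.json")


def create_backup(root: Path, archive: Path) -> dict[str, str]:
    """Write root into a gzip tarball and store its manifest beside it.
    Encryption/password protection is left to the backup tool; the manifest is
    what lets you prove an offline copy is still intact."""
    manifest = build_manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(root, arcname="data")
    manifest_path(archive).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def compare(expected: dict[str, str], actual: dict[str, str]) -> list[str]:
    """Files that are missing from, or altered in, the actual copy."""
    return sorted(rel for rel, digest in expected.items() if actual.get(rel) != digest)


def verify_backup(archive: Path, workdir: Path) -> list[str]:
    """Restore the archive into workdir and check it against the stored manifest.
    An empty list means every file matched."""
    expected = json.loads(manifest_path(archive).read_text())
    with tarfile.open(archive, "r:gz") as tar:
        # The 'data' extraction filter (Python 3.12+, backported to 3.8.17/3.9.17/
        # 3.10.12/3.11.4) refuses absolute paths and '..' entries in the archive.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(workdir, **kwargs)
    return compare(expected, build_manifest(workdir / "data"))


def demo() -> tuple[list[str], list[str]]:
    """Back up a constructed directory, verify it, then show the check catching a
    copy whose content was overwritten.  Returns (clean_result, tampered_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "student_db"
        (src / "exports").mkdir(parents=True)
        (src / "students.csv").write_text("id,name\n1,constructed-sample\n")
        (src / "exports" / "grades.csv").write_text("id,grade\n1,A\n")

        archive = base / "student_db.tar.gz"
        manifest = create_backup(src, archive)
        clean = verify_backup(archive, base / "restore")

        # Simulate a copy whose files were overwritten (e.g. by ransomware).
        (base / "restore" / "data" / "students.csv").write_bytes(b"\x00garbage")
        tampered = compare(manifest, build_manifest(base / "restore" / "data"))
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore problems:", clean)
    print("tampered copy problems:", tampered)
```

The manifest should travel with the offline copy (and a second copy of it kept separately), so that a restore test can be run periodically rather than only after an incident; the verification step is also the place to confirm that the restored data is the version you expect, not merely that it is readable.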

Denial-of-Service Best Practices

  • Consider enrolling in a denial-of-service mitigation service that detects abnormal traffic flows and redirects traffic away from your network.
  • Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic attacking your network during an event.
  • Configure network firewalls to block unauthorized IP addresses and disable port forwarding.

Video-Conferencing Best Practices

  • Ensure participants use the most updated version of remote access/meeting applications.
  • Require passwords for session access.
  • Encourage students to avoid sharing passwords or meeting codes.
  • Establish a vetting process to identify participants as they arrive, such as a waiting room.
  • Establish policies to require participants to sign in using true names rather than aliases.
  • Ensure only the host controls screensharing privileges.
  • Implement a policy to prevent participants from entering rooms prior to host arrival and to prevent the host from exiting prior to the departure of all participants.

Edtech Implementation Considerations

When partnering with third-party and edtech services to support distance learning, educational institutions should consider the following:

  • The service provider’s cybersecurity policies and response plan in the event of a breach and their remediation practices:
    • How did the service provider resolve past cyber incidents? How did their cybersecurity practices change after these incidents?
  • The provider’s data security practices for their products and services (e.g., data encryption in transit and at rest, security audits, security training of staff, audit logs);
  • The provider’s data maintenance and storage practices (e.g., use of company servers, cloud storage, or third-party services);
  • Types of student data the provider collects and tracks (e.g., PII, academic, disciplinary, medical, biometric, IP addresses);
  • Entities to whom the provider will grant access to the student data (e.g., vendors);
  • How the provider will use student data (e.g., will they sell it to—or share it with—third parties for service enhancement, new product development, studies, marketing/advertising?);
  • The provider’s de-identification practices for student data; and
  • The provider’s policies on data retention and deletion.

Malware Defense

Table 1 identifies CISA-created Snort signatures, which have been successfully used to detect and defend against related attacks, for the malware variants listed below. Note: the listing is not fully comprehensive and should not be used at the exclusion of other detection methods.

Table 1: Malware signatures


  Malware   | Signature
  ----------|----------
  NanoCore  |
  Cerber    |
  Kovter    |
  Dridex    |

Contact Information

To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory, contact your local FBI field office at www.fbi.gov/contact-us/field. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting organization; and a designated point of contact.

To request incident response resources or technical assistance related to these threats, contact CISA at Central@cisa.gov.

Resources

MS-ISAC membership is open to employees or representatives from all public K-12 education entities in the United States. The MS-ISAC provides multiple cybersecurity services and benefits to help K-12 education entities increase their cybersecurity posture. To join, visit https://learn.cisecurity.org/ms-isac-registration.

Note: contact your local FBI field office (www.fbi.gov/contact-us/field) for additional FBI products on ransomware, edtech, and cybersecurity for educational institutions.

Revisions

Initial Version: December 10, 2020

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

12/10/2020 12:23 PM EST

Original release date: December 10, 2020

Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-75 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

12/09/2020 09:07 AM EST

Original release date: December 9, 2020

The Australian Cyber Security Centre (ACSC) has launched a new cyber security campaign encouraging all Australians to protect themselves against online threats. The initial focus of the campaign is ransomware threats, and the ACSC provides easy-to-follow security advice at cyber.gov.au to help Australians act now and stay secure.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the official ACSC campaign announcement for more information and to consult CISA’s ransomware page for additional guidance and resources.  


12/09/2020 09:12 AM EST

Original release date: December 9, 2020

The United Kingdom (UK) National Cyber Security Centre (NCSC) has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay safe online.

The six Cyber Aware behaviors recommended by the NCSC are:

  1. Use a separate password for your email
  2. Create strong passwords using three random words
  3. Save your passwords in your browser
  4. Turn on multi-factor authentication
  5. Update your devices
  6. Back up your data

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the official NCSC website as well as CISA’s Tips page for more information and additional resources.

12/07/2020 07:41 AM EST

Original release date: December 7, 2020

Cisco has released a security advisory on an Arbitrary Code Execution vulnerability—CVE-2020-3556—affecting Cisco AnyConnect Secure Mobility Client devices. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workarounds.


12/08/2020 09:38 AM EST

Original release date: December 8, 2020

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include a missing authentication check vulnerability affecting SAP NetWeaver AS JAVA (P2P Cluster Communication).

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the