Current Activity

CISA, in partnership with UK National Cyber Security Centre (NCSC) and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actors—also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard—to gain initial access into a cloud environment.

The authoring agencies encourage network defenders and organizations review the joint advisory for recommended mitigations. For more information on APT29, see joint CSA Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally or visit CISA’s Russia Cyber Threat Overview and Advisories page. For more guidance on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project.

Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from American Water Works Association, the WaterISAC, and MS-ISAC—to support water systems in defending against from malicious cyber activity. 

The fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:

• Reduce Exposure to the Public-Facing Internet
• Conduct Regular Cybersecurity Assessments
• Change Default Passwords Immediately
• Conduct an Inventory of Operational Technology/Information Technology Assets
• Develop and Exercise Cybersecurity Incident Response and Recovery Plans
• Backup OT/IT Systems
• Reduce Exposure to Vulnerabilities
• Conduct Cybersecurity Awareness Training

CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass Vulnerability
  • CISA urges organizations to review the ConnectWise Security Bulletin and apply the necessary updates: ConnectWise ScreenConnect 23.9.8 security fix  

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released one Industrial Control Systems (ICS) advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:

• Reduce Exposure to the Public-Facing Internet
• Conduct Regular Cybersecurity Assessments
• Change Default Passwords Immediately
• Conduct an Inventory of Operational Technology/Information Technology Assets
• Develop and Exercise Cybersecurity Incident Response and Recovery Plans
• Backup OT/IT Systems
• Reduce Exposure to Vulnerabilities
• Conduct Cybersecurity Awareness Training

CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.

Mozilla released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

• MFSA 2024-05 for Firefox
• MFSA 2024-06 for Firefox ESR
• MFSA 2024-07 for Thunderbird

CISA released three Industrial Control Systems (ICS) advisories on February 20, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-051-01 Commend WS203VICM
• ICSA-24-051-02 Ethercat Zeek Plugin
• ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability
• CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedures (TTPs) utilized by a threat actor and methods to protect against similar exploitation.

Following an incident response assessment of a state government organization’s network environment, analysis confirmed compromise through network administrator credentials of a former employee. This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point.

CISA and MS-ISAC encourage network defenders and organizations review the TTPs and implement the mitigations provided in the joint CSA. For more information, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

CISA released seventeen Industrial Control Systems (ICS) advisories on February 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-046-01 Siemens SCALANCE W1750D
• ICSA-24-046-02 Siemens SIDIS Prime
• ICSA-24-046-03 Siemens SIMATIC RTLS Gateways
• ICSA-24-046-04 Siemens CP343-1 Devices
• ICSA-24-046-05 Siemens Location Intelligence
• ICSA-24-046-06 Siemens Unicam FX
• ICSA-24-046-07 Siemens Tecnomatix Plant Simulation
• ICSA-24-046-08 Siemens RUGGEDCOM APE1808
• ICSA-24-046-09 Siemens SCALANCE SC-600 Family
• ICSA-24-046-10 Siemens Simcenter Femap
• ICSA-24-046-11 Siemens SCALANCE XCM-/XRM-300
• ICSA-24-046-12 Siemens SIMATIC WinCC, OpenPCS
• ICSA-24-046-13 Siemens Parasolid
• ICSA-23-046-14 Siemens Polarion ALM
• ICSA-24-046-15 Siemens SINEC NMS
• ICSA-24-046-16 Rockwell Automation FactoryTalk Service Platform
• ICSA-23-306-02 Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. 

• Adobe Commerce and Magento
• Adobe Substance 3D Painter
• Adobe Acrobat and Reader
• Adobe FrameMaker Publishing Server
• Adobe Audition 
• Adobe Substance 3D Designer

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s February Security Update Guide and apply the necessary updates.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
• CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• CVE-2023-50868
• CVE-2023-50387
• CVE-2023-6516
• CVE-2023-5680
• CVE-2023-5679
• CVE-2023-5517
• CVE-2023-4408

CISA released one Industrial Control Systems (ICS) advisory on February 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-044-01 Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU 

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges.

Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to:

• Defend against Advanced Persistent Threat (APT) operations.
• Raise critical infrastructure’s cybersecurity baseline.
• Anticipate emerging technology and risks.

CISA encourages organizations to review JCDC’s 2024 Priorities and the related blog post by CISA Associate Director Clayton Romans. Visit CISA.gov/JCDC for more information on the work the collaborative is doing to secure cyberspace.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild. 

CISA encourages users and administrators to review the following advisories and apply necessary updates:

• FG-IR-24-015 FortiOS
• FG-IR-24-029 FortiOS

JetBrains released a security advisory to address a vulnerability (CVE-2024-23917) in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity On-Premises-CVE-2024-23917 and apply the necessary update or workarounds.