Current Activity

Google Releases Security Updates for Chrome

Original release date: June 10, 2021

Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets

Original release date: June 9, 2021

CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems. The guidance:

  • provides steps to prepare for, mitigate against, and respond to attacks;
  • details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
  • explains how to reduce the risk of severe business degradation if affected by ransomware.

CISA encourages critical infrastructure (CI) owners and operators to review the Rising Ransomware Threat to OT Assets fact sheet as well as CISA’s Ransomware webpage to help them in reducing their CI entity’s vulnerability to ransomware.

SAP Releases June 2021 Security Updates

Original release date: June 8, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for June 2021 and apply the necessary updates. 

Adobe Releases Security Updates for Multiple Products

Original release date: June 8, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates. 

Microsoft Releases June 2021 Security Updates

Original release date: June 8, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and Deployment Information and apply the necessary updates. 

Unpatched VMware vCenter Software

Original release date: June 4, 2021

CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system.

CISA encourages users and administrators to review VMware’s VMSA-2021-0010, blog post, and FAQ for more information about the vulnerability and apply the necessary updates as soon as possible, even if out-of-cycle work is required. If an organization cannot immediately apply the updates, then apply the workarounds in the interim.

Cisco Releases Security Updates for Multiple Products

Original release date: June 3, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

CISA Releases Best Practices for Mapping to MITRE ATT&CK®

Original release date: June 2, 2021

As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned R&D center operated by MITRE, which worked with the MITRE ATT&CK team.

CISA and other organizations in the cybersecurity community use MITRE ATT&CK to identify and analyze threat actor behavior. This analysis enables them to produce a set of mappings to develop adversary profiles; conduct activity trend analyses; and detect, respond to, and mitigate threats. An increase in the number of organizations integrating the ATT&CK framework in their analysis will have a positive impact on the efficiency and efficacy of information sharing within the community.

CISA, HSSEDI, and MITRE ATT&CK encourage users and administrators to review both the guide—as well as CISA Executive Assistant Director Eric Goldstein's blog post on the guide—to strengthen the security posture of their organization and improve information sharing.

Mozilla Releases Security Updates for Firefox

Original release date: June 2, 2021

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 89 and Firefox ESR 78.11 and apply the necessary updates.

Cisco Releases Security Updates for Multiple Products

Original release date: June 2, 2021

Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the following Cisco advisory and apply the necessary updates:

Joint CISA-FBI Cybersecurity Advisory on Sophisticated Spearphishing Campaign

Original release date: May 28, 2021

CISA and the Federal Bureau of Investigation (FBI) are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact—a legitimate email marketing software company—to spoof a U.S. government organization and distribute links to malicious URLs.

In response, CISA and FBI have released Joint Cybersecurity Advisory AA21-148A: Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs and Malware Analysis Report MAR-10339794-1.v1, providing tactics, techniques, and procedures (TTPs); downloadable indicators of compromise (IOCs); and recommended mitigations.

CISA strongly encourages organizations to review AA21-148A and MAR-10339794-1.v1 and apply the necessary mitigations.

FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities

Original release date: May 28, 2021

The Federal Bureau of Investigation (FBI) has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat (APT) actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may exploit these vulnerabilities to gain initial access to multiple government, commercial, and technology services to conduct future attacks. This is a follow-up to the FBI-CISA Joint Cybersecurity Advisory AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attack, originally published April 2, and provides indicators of compromise (IOCs) and additional recommended mitigations.

CISA encourages users and administrators to review the IOCs and updated mitigations in FBI FLASH MI-000148-MW and refer back to AA21-092A for additional information.

Microsoft Announces New Campaign from NOBELIUM

Original release date: May 27, 2021

The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major cybersecurity organization. Microsoft security researchers identify NOBELIUM as the actor responsible for the 2020 compromise of the SolarWinds Orion platform, and subsequent activity targeting other Microsoft customer networks and cloud assets.

CISA encourages users and administrators to review MSTIC’s blog post New sophisticated email-based attack from NOBELIUM and apply the necessary mitigations.

Updates to Alert on Pulse Connect Secure

Original release date: May 27, 2021

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations.  

CISA encourages users and administrators to review AA21-110A and the following resources for more information:

  • Re-Checking Your Pulse
  • Ivanti KB44755 - Pulse Connect Secure (PCS) Integrity Assurance
  • Ivanti Security Advisory SA44784
  • Emergency Directive 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities

 

Drupal Releases Security Updates

Original release date: May 27, 2021

Drupal has released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-003 and apply the necessary updates or mitigations.

VMware Releases Security Updates

Original release date: May 26, 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0010 and apply the necessary updates and workarounds.

Apple Releases Security Updates

Original release date: May 25, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

Cisco Releases Security Updates for Multiple Products

Original release date: May 20, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware

Original release date: May 19, 2021

CISA and the Federal Bureau of Investigation (FBI) have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise (IOCs) to help network defenders find and mitigate activity associated with DarkSide ransomware. These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021.

CISA encourages users and administrators to review AA21-131A for more information.

 

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.