Current Activity

CISA Releases Four Industrial Control Systems Advisories

1 day ago

CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA

Joint Guidance on Deploying AI Systems Securely

2 days ago

Today, the National Security Agency’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet Deploying AI Systems Securely in collaboration with CISA, the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).

The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to:

  • Improve the confidentiality, integrity, and availability of AI systems. 
  • Ensure there are appropriate mitigations for known vulnerabilities in AI systems.
  • Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services.

CISA encourages organizations deploying and operating externally developed AI systems to review and apply this guidance as applicable. CISA also encourages organizations to review previously published joint guidance on securing AI systems: Guidelines for secure AI system development and Engaging with Artificial Intelligence. For more CISA information and guidance on securing AI systems, see cisa.gov/ai.

 

CISA

CISA Adds One Known Exploited Vulnerability to Catalog

5 days ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

5 days ago

Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild. 

CISA encourages users and administrators to review the Palo Alto Networks Security Advisory, apply the current mitigations, and update the affected software when Palo Alto Networks makes the fixes available. 

CISA has also added this vulnerability to its Known Exploited Vulnerabilities Catalog.

Additional resources:

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

6 days ago

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
  • CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

6 days ago

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

While ED 24-02 requirements only apply to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate email and are encouraged to contact their respective Microsoft account team for any additional questions or follow up. FCEB agencies and state and local government should utilize the distro MBFedResponse@Microsoft.com for any escalations and assistance with Microsoft. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA) and prohibited sharing of unprotected sensitive information via unsecure channels.

CISA

CISA Releases Nine Industrial Control Systems Advisories

6 days ago

CISA released nine Industrial Control Systems (ICS) advisories on April 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA

Compromise of Sisense Customer Data

6 days ago

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services.

CISA urges Sisense customers to:

  • Reset credentials and secrets potentially exposed to, or used to access, Sisense services. 
  • Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services.

CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available.
 

CISA

Adobe Releases Security Updates for Multiple Products 

1 week 1 day ago

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the following Adobe Security Bulletins and apply the necessary updates:  

CISA

Fortinet Releases Security Updates for Multiple Products

1 week 1 day ago

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following advisories and apply necessary updates: 

CISA

CISA Releases Two Industrial Control Systems Advisories

1 week 6 days ago

CISA released two Industrial Control Systems (ICS) advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

1 week 6 days ago

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways

1 week 6 days ago

Ivanti has released security updates to address vulnerabilities in all supported versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. 

Users and administrators are encouraged to review the following Ivanti advisory and apply the necessary updates: 

CISA

CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities

2 weeks 1 day ago

Today, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heighted risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services.

Despite their vulnerability to advanced cyber threats, many civil society organizations operate on lean budgets and cannot significantly invest in cybersecurity. CISA’s High-Risk Communities webpage provides resources specifically for civil society organizations, such as:

  • Project Upskill, a suite of cyber hygiene guides designed to arm individuals of high-risk organizations with simple steps to meaningfully improve their cyber hygiene.
  • Cybersecurity Resources for High-Risk Communities, which offers a wide selection of free or steeply discounted tools and services.
  • Cyber Volunteer Resource Center, a repository of cyber volunteer programs across the country that provide free, hands-on cybersecurity support to under-resourced organizations.

For more information on the initiative, read Associate Director Clayton Roman’s blog post, JCDC Working and Collaborating to Build Cyber Defense for Civil Society and High-Risk Communities. Visit Joint Cyber Defense Collaborative to learn more about the planning effort that aided in developing these valuable resources.
 

CISA

Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094

2 weeks 5 days ago

CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems. 

CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA. 

See the following advisory for more information: 

CISA
Checked
21 minutes 7 seconds ago
Subscribe to Current Activity feed