Current Activity

CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

5 days 21 hours ago
Original release date: November 24, 2021

CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity.

CISA encourages users and administrators to review the guidance and apply the recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Updates

5 days 21 hours ago
Original release date: November 24, 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker can exploit this vulnerability to obtain access to sensitive information.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0027 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

1 week ago
Original release date: November 22, 2021

As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure. 

There are actions that executives, leaders, and workers in any organization can take proactively to protect themselves against cyberattacks, including possible ransomware attacks, during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families. Although neither CISA nor the FBI currently have identified any specific threats, recent 2021 trends show malicious cyber actors launching serious and impactful ransomware attacks during holidays and weekends, including Independence Day and Mother’s Day weekends.

CISA and the FBI strongly urge all entities–especially critical infrastructure partners–to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats. Specifically, CISA and the FBI urge users and organizations to take the following actions to protect themselves from becoming the next victim:

  • Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack. 
  • Implement multi-factor authentication for remote access and administrative accounts.
  • Mandate strong passwords and ensure they are not reused across multiple accounts. 
  • If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored. 
  • Remind employees not to click on suspicious links, and conduct exercises to raise awareness. 

Additionally, CISA and the FBI recommend maintaining vigilance against the multiple techniques cybercriminals use to gain access to networks, including:

Finally—to reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident. Note: for assistance, review available incident response guidance, such as the Ransomware Response Checklist in the CISA-MS-ISAC Joint Ransomware Guide, the Public Power Cyber Incident Response Playbook, and the new Federal Government Cybersecurity Incident and Vulnerability Response Playbooks.

CISA and the FBI urge users and organizations to take these actions immediately to protect themselves against this threat. For a comprehensive overview, see the joint Cybersecurity Advisory Ransomware Awareness for Holidays and Weekends. For more information and resources on protecting against and responding to ransomware, visit StopRansomware.gov, a centralized, whole-of-government webpage providing ransomware resources and alerts.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

1 week 3 days ago
Original release date: November 19, 2021 | Last revised: November 24, 2021

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021, which details the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution.

The update provides details on a suite of tools APT actors are using to enable this campaign: 

  • Dropper: a dropper trojan that drops Godzilla webshell on a system 
  • Godzilla: a Chinese language web shell 
  • NGLite: a backdoor trojan written in Go 
  • KdcSponge: a tool that targets undocumented APIs in Microsoft’s implementation of Kerberos for credential exfiltration  

Note: FBI, CISA, and CGCYBER cannot confirm the CVE-2021-40539 is the only vulnerability APT actors are leveraging as part of this activity, so it is key that network defenders focus on detecting the tools listed above in addition to initial access vector.

CISA encourages organizations to review the November 19 update and apply the recommended mitigations. CISA also recommends reviewing the relevant blog posts from Palo Alto Networks, Microsoft, and IBM Security Intelligence

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

1 week 3 days ago
Original release date: November 19, 2021

CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources examines threats to 5G container-centric or hybrid container/virtual network, also known as Pods. The guidance provides several aspects of pod security including limiting permissions on deployed containers, avoiding resource contention and denial-of-service attacks, and implementing real-time threat detection.

This series is being published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.

CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Drupal Releases Security Updates

1 week 4 days ago
Original release date: November 18, 2021

Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-011 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

NCSC Releases 2021 Annual Review

1 week 4 days ago
Original release date: November 18, 2021

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats.

The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA. Examples include:

CISA encourages users to review NCSC’s Annual Review 2021 and learn more about their key developments and highlights between September 1, 2020 and August 31, 2021.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

1 week 5 days ago
Original release date: November 17, 2021 | Last revised: November 18, 2021

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise. 

CVE Number CVE Title Remediation Due Date CVE-2021-22204 Exiftool Remote Code Execution vulnerability 12/01/2021 CVE-2021-40449 Microsoft Win32k Elevation of Privilege     12/01/2021 CVE-2021-42292 Microsoft Excel Security Feature Bypass     12/01/2021 CVE-2021-42321 Microsoft Exchange Server Remote Code Execution     12/01/2021

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

1 week 6 days ago
Original release date: November 17, 2021

CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC)  have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran.  FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors. 

CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

1 week 6 days ago
Original release date: November 16, 2021

Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks

2 weeks ago
Original release date: November 16, 2021

The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. In response, today, CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. The playbooks provide federal civilian executive branch (FCEB) agencies with operational procedures for planning and conducting cybersecurity incident and vulnerability response activities. The playbooks provide illustrated decision trees and detail each step for both incident and vulnerability response.  
 
FCEB agencies should use the playbooks to shape their overall defensive cyber operations. The playbooks apply to information systems used or operated by an FCEB agency, a contractor of the agency, or another organization on behalf of the agency. CISA encourages agencies to review the playbooks and CISA’s webpage on EO 14028 for more information.  
 
Although CISA created the playbooks for FCEB agencies, we encourage critical infrastructure entities; state, local, territorial, and tribal government organizations; and private sector organizations to review them to benchmark their own vulnerability and incident response practices.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Update for Tanzu Application Service for VMs

2 weeks 3 days ago
Original release date: November 12, 2021

VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations 

2 weeks 3 days ago
Original release date: November 12, 2021

CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution or information exposure.

CISA encourages users and administrators to review ICSA-21-315-02: Multiple Data Distribution Service (DDS) Implementations and apply the necessary updates as quickly as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Palo Alto Networks Release Security Updates for PAN-OS

2 weeks 3 days ago
Original release date: November 12, 2021

Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS (8.1.16 and earlier). An unauthenticated attacker with network access could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2021-3064 and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Advisory

2 weeks 4 days ago
Original release date: November 11, 2021

VMware has released a security advisory to address a privilege escalation vulnerability in vCenter Server and Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0025 and apply the necessary workaround.  

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apple Releases Security Update for iCloud for Windows 13

2 weeks 4 days ago
Original release date: November 11, 2021

Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Apple security page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases November 2021 Security Updates

2 weeks 6 days ago
Original release date: November 9, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Samba Releases Security Updates

2 weeks 6 days ago
Original release date: November 9, 2021

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Citrix Releases Security Updates

2 weeks 6 days ago
Original release date: November 9, 2021

Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Bulletin CTX330728 and apply the necessary updates as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Multiple Products

2 weeks 6 days ago
Original release date: November 9, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
45 minutes 42 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed