Current Activity

CISA Releases Seventeen Industrial Control Systems Advisories

3 months 2 weeks ago

CISA released seventeen Industrial Control Systems (ICS) advisories on December 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA

Fortinet Releases Security Updates for Multiple Products

3 months 2 weeks ago

Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

CISA

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

3 months 2 weeks ago

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.

Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains TeamCity software that ultimately enabled them to bypass authorization and conduct arbitrary code execution on the compromised server. The joint CSA provides information on the SVR’s most recent compromise, actionable indicators of compromise (IOCs), and SIGMA and YARA rules.

The authoring agencies encourage network defenders and organizations to review the joint CSA for recommended mitigations and rules. For more information on affiliated advanced persistent threats, see CISA’s Advanced Persistent Threats and Nation-State Actors and Russia Cyber Threat Overview and Advisories webpages. For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

CISA

Adobe Releases Security Updates for Multiple Products

3 months 2 weeks ago

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

CISA

The Apache Software Foundation Updates Struts 2

3 months 2 weeks ago

The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater.

CISA

Apple Releases Security Updates for Multiple Products

3 months 2 weeks ago

Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

CISA

CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

3 months 2 weeks ago

Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. The ScubaGoggles tool assesses GWS tenants' compliance against the baselines.   

Federal agencies and other organizations are invited to adopt the draft baselines in their GWS environments, tailor them to reflect their own unique needs and risk tolerances, and then share their experiences with CISA during the public comment period, which closes Jan. 12, 2024. Comments will ensure that the final published baselines are clear, feasible, and effective.  

The draft SCuBA GWS Secure Configuration Baselines is the latest offering from CISA’s SCuBA project, dedicated to securing data stored in the cloud through additional configurations, settings, and security products. These baselines are created in accordance with Executive Order 14028 to provide enhanced visibility into cloud security.  

Comment on SCuBA GWS Secure Configuration Baselines by Jan. 12, 2024. For more information, read CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace and visit CISA’s SCuBA project page.  

CISA

CISA Releases Two Industrial Control Systems Advisories

3 months 2 weeks ago

CISA released two Industrial Control Systems (ICS) advisories on December 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA

CISA Adds One Known Exploited Vulnerability to Catalog

3 months 2 weeks ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Atlassian Releases Security Advisories for Multiple Products

3 months 2 weeks ago

Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates or mitigations.

CISA