US CERT Current Activity
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Feb 15, 2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization
Feb 15, 2024
Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedures (TTPs) utilized by a threat actor and methods to protect against similar exploitation. Following an incident response assessment of a state government organization’s network environment, analysis confirmed compromise through network administrator credentials of a former employee. This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point. CISA and MS-ISAC encourage network defenders and organizations review the TTPs and implement the mitigations provided in the joint CSA. For more information, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
Adobe Releases Security Updates for Multiple Products
Feb 13, 2024
Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Adobe Commerce and Magento Adobe Substance 3D Painter Adobe Acrobat and Reader Adobe FrameMaker Publishing Server Adobe Audition Adobe Substance 3D Designer
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Feb 13, 2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Microsoft Releases Security Updates for Multiple Products
Feb 13, 2024
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February Security Update Guide and apply the necessary updates.
CISA Releases One Industrial Control Systems Advisory
Feb 13, 2024
CISA released one Industrial Control Systems (ICS) advisory on February 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-044-01 Mitsubishi Electric MELSEC iQ-R Series Safety CPU CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
ISC Releases Security Advisories for BIND 9
Feb 13, 2024
The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary updates: CVE-2023-50868 CVE-2023-50387 CVE-2023-6516 CVE-2023-5680 CVE-2023-5679 CVE-2023-5517 CVE-2023-4408
CISA Adds One Known Exploited Vulnerability to Catalog
Feb 12, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Priorities of the Joint Cyber Defense Collaborative for 2024
Feb 12, 2024
Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative (JCDC)—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impact and collaborative solutions to the most pressing cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT) operations. Raise critical infrastructure’s cybersecurity baseline. Anticipate emerging technology and risks. CISA encourages organizations to review JCDC’s 2024 Priorities and the related blog post by CISA Associate Director Clayton Romans. Visit CISA.gov/JCDC for more information on the work the collaborative is doing to secure cyberspace.
Fortinet Releases Security Advisories for FortiOS and FortiClientEMS
Feb 9, 2024
Fortinet released security updates to address critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313) as well as an access control vulnerability in FortiClientEMS (CVE-2024-45581). A cyber threat actor could exploit these vulnerabilities to take control of an affected system. Note: According to Fortinet, CVE-2024-21762 is potentially being exploited in the wild. CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-24-015 FortiOS FG-IR-24-029 FortiOS FG-IR-23-357 FortiClientEMS
JetBrains Releases Security Advisory for TeamCity On-Premises
Feb 9, 2024
JetBrains released a security advisory to address a vulnerability (CVE-2024-23917) in TeamCity On-Premises. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Critical Security Issue Affecting TeamCity On-Premises-CVE-2024-23917 and apply the necessary update or workarounds.
CISA Adds One Known Exploited Vulnerability to Catalog
Feb 9, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security
Feb 8, 2024
Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA's Open Source Software Security Roadmap, which states the goal of "working collaboratively [with relevant working groups] to develop security principles for package managers." CISA highly encourages package managers and open source community members to review the Principles for Package Repository Security as well as the related OpenSSF blog post, offer feedback, and develop roadmaps for security improvements in their ecosystems. For more information on CISA's efforts to help secure open source software, see CISA.gov/opensource.
Cisco Releases Security Advisory for Vulnerabilities in Cisco Expressway Series
Feb 8, 2024
Cisco released a security advisory to address vulnerabilities affecting Cisco Expressway Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Expressway Series advisory and apply the necessary updates.
CISA Releases Two Industrial Control Systems Advisories
Feb 8, 2024
CISA released two Industrial Control Systems (ICS) advisories on February 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-039-01 Qolsys IQ Panel 4, IQ4 HUB ICSA-23-082-06 ProPump and Controls Osprey Pump Controller (Update A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
Feb 7, 2024
Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) a part of the Communications Security Establishment (CSE) United Kingdom National Cyber Security Centre (NCSC-UK) New Zealand National Cyber Security Centre (NCSC-NZ) Volt Typhoon actors are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The advisory provides actionable information from U.S. incident response activity that can help all organizations: Recognize Volt Typhoon techniques, Assess whether Volt Typhoon techniques have compromised your organization, Secure your networks from these adversarial techniques by implementing recommended mitigations. To supplement the advisory, the Joint Guidance provides threat detection information and mitigations applicable to LOTL activity, regardless of threat actor. Additionally, CISA has published Secure by Design Alert: Security Design Improvements for SOHO Device Manufacturers, which provides technology manufactures guidance on protecting their products from Volt Typhoon compromises. CISA and its partners strongly urge critical infrastructure organizations and technology manufacturers to read the joint advisory and guidance to defend against this threat. For more information on People’s Republic of China (PRC) state-sponsored actors, visit People's Republic of China Cyber Threat. To learn more about secure by design principles and practices, visit Secure by Design.
VMware Releases Security Advisory for Aria Operations for Networks
Feb 7, 2024
VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory VMSA-2024-0002 and apply the necessary updates.
CISA Releases Two Industrial Control Systems Advisories
Feb 6, 2024
CISA released two Industrial Control Systems (ICS) advisories on February 6, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-037-01 HID Global Encoders ICSA-24-037-02 HID Global Reader Configuration Cards CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Feb 6, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4762 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Juniper Networks Releases Security Bulletin for Juniper Secure Analytics
Feb 2, 2024
Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Bulletin JSA76718 and apply the necessary updates.
