US CERT Current Activity
Moby and Open Container Initiative Release Critical Updates for Multiple Vulnerabilities Affecting Docker-related Components
Feb 1, 2024
Moby and the Open Container Initiative (OCI) have released updates for multiple vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626) affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the advisories from Moby BuildKit (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653) and OCI runc (CVE-2024-21626), as well as the Snyk blog post about these vulnerabilities and apply the necessary updates.
CISA Releases Two Industrial Control Systems Advisories
Feb 1, 2024
CISA released two Industrial Control Systems (ICS) advisories on February 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-032-01 Gessler GmbH WEB-MASTER ICSA-24-032-03 AVEVA Edge products (formerly known as InduSoft Web Studio) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 31, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21893 Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
Jan 31, 2024
Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating security into product design and development. This third publication in CISA’s SbD Alert series examines how manufacturers can eliminate the path threat actors—particularly the People’s Republic of China (PRC)-sponsored Volt Typhoon group—are taking to compromise small office/home office (SOHO) routers. Specifically, CISA and FBI urge manufacturers to: Eliminate exploitable defects—during the product design and development phases—in SOHO router web management interfaces (WMIs). Adjust default device configurations in a way that: Automates update capabilities. Locates the WMI on LAN side ports. Requires a manual override to remove security settings. CISA and FBI also urge manufacturers to protect against Volt Typhoon activity and other cyber threats by disclosing vulnerabilities via the Common Vulnerabilities and Exposures (CVE) program as well as by supplying accurate Common Weakness Enumeration (CWE) classification for these vulnerabilities. The Alert also urges manufacturers to implement incentive structures that prioritize security during product design and development. CISA and FBI urge SOHO device manufacturers to read and implement Security Design Improvements for SOHO Device Manufacturers, which aligns to principles one through three of the joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software: Take ownership of customer security outcomes. Embrace Radical Transparency and Accountability. Build organizational structure and leadership to achieve these goals. By implementing these principles in their design, development, and delivery processes, manufactures can prevent exploitation of SOHO routers. To learn more, visit Secure by Design.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 31, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-48618 Apple Multiple Products Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Jan 30, 2024
CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices (CVE-2023-46805 and CVE-2024-21887). Threat actors are continuing to leverage vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways to capture credentials and/or drop webshells that enable further compromise of enterprise networks. Some threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection. CISA is aware of instances in which sophisticated threat actors have subverted the external integrity checker tool (ICT), further minimizing traces of their intrusion. If an organization has been running Ivanti Connect Secure (9.x and 22.x) and Policy Secure gateways over the last several weeks and/or continues to run these products, CISA recommends continuous threat hunting on any systems connected to—or recently connected to—the Ivanti device. Additionally, organizations should monitor authentication, account usage, and identity management services that could be exposed and isolate the system(s) from any enterprise resources as much as possible. After applying patches, when these become available, CISA recommends that organizations continue to hunt their network in order to detect any compromise that may have occurred before patches were implemented. This guidance supplements CISA’s previous guidance for mitigation and detection, which remains applicable. For previous guidance, see CISA Issues Emergency Directive on Ivanti Vulnerabilities and Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways.
CISA Releases Eight Industrial Control Systems Advisories
Jan 30, 2024
CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ICSA-24-030-04 Hitron Systems Security Camera DVR ICSA-24-030-05 Rockwell Automation ControlLogix and GuardLogix ICSA-24-030-06 Rockwell Automation FactoryTalk Service Platform ICSA-24-030-07 Rockwell Automation LP30/40/50 and BM40 Operator Interface ICSA-23-208-03 Mitsubishi Electric CNC Series (Update E) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Jan 29, 2024
Juniper Networks released a security bulletin to address multiple vulnerabilities for J-Web in Junos OS SRX Series and EX Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Bulletin JSA76390 and apply the necessary updates.
Guidance: Assembling a Group of Products for SBOM
Jan 26, 2024
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers. These products may contain components that experience version changes over time, therefore creating a need to be tracked. This document serves as a guide for creating the build for SBOM assembled products. For more information on all things SBOM, please visit CISA’s Software Bill of Materials website.
CISA Releases Two Industrial Control Systems Advisories
Jan 25, 2024
CISA released two Industrial Control Systems (ICS) advisories on January 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-025-01 Opteev MachineSense FeverWarn ICSA-24-025-02 SystemK NVR 504/508/516 CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Cisco Releases Security Advisory for Multiple Unified Communications and Contact Center Solutions Products
Jan 25, 2024
Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unified Communications Products Remote Code Execution Vulnerability advisory and apply the necessary updates.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 24, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Mozilla Releases Security Updates for Thunderbird and Firefox
Jan 24, 2024
Mozilla has released security updates to address vulnerabilities in Thunderbird and Firefox. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Thunderbird 115.7 Firefox ESR 115.7 Firefox 122
CISA Joins ACSC-led Guidance on How to Use AI Systems Securely
Jan 23, 2024
CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) on Engaging with Artificial Intelligence—joint guidance, led by ACSC, on how to use AI systems securely. The following organizations also collaborated with ACSC on the guidance: Federal Bureau of Investigation (FBI) National Security Agency (NSA) United Kingdom (UK) National Cyber Security Centre (NCSC-UK) Canadian Centre for Cyber Security (CCCS) New Zealand National Cyber Security Centre (NCSC-NZ) and CERT NZ Germany Federal Office for Information Security (BSI) Israel National Cyber Directorate (INCD) Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and the Secretariat of Science, Technology and Innovation Policy, Cabinet Office Norway National Cyber Security Centre (NCSC-NO) Singapore Cyber Security Agency (CSA) Sweden National Cybersecurity Center The guidance provides AI systems users with an overview of AI-related threats as well as steps that can help them manage AI-related risks while engaging with AI systems. The guidance covers the following AI-related threats: Data poisoning Input manipulation Generative AI hallucinations Privacy and intellectual property threats Model stealing and training data exfiltration Re-identification of anonymized data Note: This guidance is primarily for users of AI systems. CISA encourages developers of AI systems to review the recently published Guidelines for Secure AI System Development. To learn more about how CISA and our partners are addressing both the cybersecurity opportunities and risks associated with AI technologies, visit CISA.gov/AI.
Apple Releases Security Updates for Multiple Products
Jan 23, 2024
Apple has released security updates for iOS and iPadOS, macOS, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security release and apply the necessary updates: iOS 17.3 and iPadOS 17.3 iOS 16.7.5 and iPadOS 16.7.5 iOS 15.8.1 and iPadOS 15.8.1 macOS Sonoma 14.3 macOS Ventura 13.6.4 macOS Monterey 12.7.3 watchOS 10.3 tvOS 17.3
CISA Releases Six Industrial Control Systems Advisories
Jan 23, 2024
CISA released six Industrial Control Systems (ICS) advisories on January 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix XPort ICSMA-24-023-01 Orthanc Osimis DICOM Web Viewer CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 23, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23222 Apple Multiple Products Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 22, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Issues Emergency Directive on Ivanti Vulnerabilities
Jan 19, 2024
CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure. ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to: Implement the mitigations as detailed in the ED. Report indications of compromise to CISA. Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service. Apply the updates to the products within 48 hours of Ivanti releasing the updates. Provide CISA with a report that includes: A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks. Details on actions taken and results. Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.
Oracle Releases Critical Patch Update Advisory for January 2024
Jan 18, 2024
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024 Critical Patch Update Advisory and apply the necessary updates.