Feed aggregator
Cisco Releases Security Updates for Multiple Products
Mar 28, 2024
Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication Cisco Access Point Software Secure Boot Bypass Vulnerability Cisco Access Point Software Denial of Service Vulnerability
Apple Released Security Updates for Safari and macOS
Mar 27, 2024
Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1 macOS Sonoma 14.4.1 macOS Ventura 13.6.6
CISA Releases Four Industrial Control Systems Advisories
Mar 26, 2024
CISA released four Industrial Control Systems (ICS) advisories on March 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 527 ICSA-24-086-03 Rockwell Automation Arena Simulation ICSA-24-086-04 Rockwell Automation FactoryTalk View ME CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Mar 26, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Mar 25, 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities
Mar 25, 2024
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection (SQLi) defects in a managed file transfer application that impacted thousands of organizations. Additionally, the Alert highlights the prevalence of this class of vulnerability. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk. CISA and the FBI urge senior executives at technology manufacturing companies to mount a formal review of their code to determine its susceptibility to SQLi compromises. If found vulnerable, senior executives should ensure their organizations’ software developers begin immediate implementation of mitigations to eliminate this entire class of defect from all current and future software products. For more information on recommended principles and best practices to achieve this goal, visit CISA’s Secure by Design page. To catch up on the publications in this series, visit Secure by Design Alerts.
Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry
Mar 21, 2024
Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry
CISA Releases One Industrial Control Systems Advisory
Mar 21, 2024
CISA released one Industrial Control Systems (ICS) advisory on March 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-081-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques
Mar 21, 2024
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. Application, attacks targeting vulnerabilities in specific applications or running services. CISA, FBI, and MS-ISAC urge network defenders and leaders of critical infrastructure organizations to read the guidance provided to defend against this threat. For more actionable recommendations, best practices, and operational insights designed to address common challenges, visit CISA’s Capacity Enhancement Guides for Federal Agencies page.
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity
Mar 19, 2024
Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication include: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) U.S. Department of Treasury Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) a part of the Communications Security Establishment (CSE) United Kingdom’s National Cyber Security Centre (NCSC-UK) New Zealand’s National Cyber Security Centre (NCSC-NZ) The U.S. authoring agencies assess that the PRC-sponsored advanced persistent threat group known as “Volt Typhoon” are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The fact sheet warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon and provides guidance on specific actions to prioritize the protection of their organization from this threat activity. CISA and its partners strongly urge critical infrastructure organizations leaders to read the guidance provided in the joint fact sheet to defend against this threat. For more information on Volt Typhoon related activity, see PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. To learn more about secure by design principles and practices, visit Secure by Design.
CISA Releases One Industrial Control Systems Advisory
Mar 19, 2024
CISA released one Industrial Control Systems (ICS) advisory on March 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-079-01 Franklin Fueling System EVO 550/5000 CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
Repository for Software Attestation and Artifacts Now Live
Mar 18, 2024
Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of specific security practices. CISA and the Office of Management and Budget (OMB) released the form on March 11, 2024, following extensive stakeholder and industry engagement. See the recent blog post from Federal CISO and Deputy National Cyber Director Chris DeRusha and CISA Executive Assistant Director for Cybersecurity Eric Goldstein for additional information.
Cisco Releases Security Updates for IOS XR Software
Mar 14, 2024
Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability Cisco IOS XR Software SSH Privilege Escalation Vulnerability Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability
CISA Releases Fifteen Industrial Control Systems Advisories
Mar 14, 2024
CISA released fifteen Industrial Control Systems (ICS) advisories on March 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-074-01 Siemens SENTRON 7KM PAC3x20 ICSA-24-074-02 Siemens Solid Edge ICSA-24-074-03 Siemens SINEMA Remote Connect Server ICSA-24-074-04 Siemens SINEMA Remote Connect Client ICSA-24-074-05 Siemens RUGGEDCOM APE1808 ICSA-24-074-06 Siemens SENTRON ICSA-24-074-07 Siemens SIMATIC ICSA-24-074-08 Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family ICSA-24-074-09 Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems ICSA-24-074-10 Siemens Siveillance Control ICSA-24-074-11 Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices ICSA-24-074-12 Delta Electronics DIAEnergie ICSA-24-074-13 Softing edgeConnector ICSA-24-074-14 Mitsubishi Electric MELSEC-Q/L Series ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update C) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Adobe Releases Security Updates for Multiple Products
Mar 12, 2024
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Adobe Experience Manager Adobe Premiere Pro Adobe ColdFusion Adobe Bridge Adobe Lightroom Adobe Animate
Microsoft Releases Security Updates for Multiple Products
Mar 12, 2024
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply the necessary updates: Microsoft Security Update Guide for March
CISA Releases One Industrial Control Systems Advisory
Mar 12, 2024
CISA released one Industrial Control Systems (ICS) advisory on March 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-072-01 Schneider Electric EcoStruxure Power Design CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
Fortinet Releases Security Updates for Multiple Products
Mar 12, 2024
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: FR-IR-23-390: FortiClientEMS - CSV injection in log download feature FR-IR-23-328: FortiOS, FortiProxy - Out-of-bounds Write in captive portal FR-IR-24-013: FortiOS, FortiProxy - Authorization bypass in SSLVPN bookmarks FR-IR-23-103: FortiWLM MEA for FortiManager - Improper access control in backup and restore features FR-IR-24-007: Pervasive SQL injection in DAS component
CISA Publishes SCuBA Hybrid Identity Solutions Guidance
Mar 12, 2024
CISA has published Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG) to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflects feedback gathered during its 2023 draft public comment period. CISA encourages users to review and implement this solutions guidance as appropriate for their individual organizations. HISG is the latest resource released by CISA’s SCuBA project. In accordance with Executive Order 14028, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure organizations’ information assets stored within cloud environments. Visit CISA’s SCuBA project page for more information.
Apple Released Security Updates for Multiple Products
Mar 8, 2024
Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4 macOS Sonoma 14.4 macOS Ventura 13.6.5 macOS Monterey 12.7.4 watchOS 10.4 tvOS 17.4 visionOS 1.1
