US CERT Current Activity
CISA Adds One Known Exploited Vulnerability to Catalog
Sep 28, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-14667 Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
Sep 28, 2023
CISA released three Industrial Control Systems (ICS) advisories on September 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-271-01 Rockwell Automation PanelView 800 ICSA-23-271-02 DEXMA DexGate ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product (UPDATE A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Mozilla Releases Security Advisories for Thunderbird and Firefox
Sep 27, 2023
Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisories for Thunderbird 115.3, Firefox ESR 115.3 and Firefox 118 for more information and apply the necessary updates.
NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors
Sep 27, 2023
Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People's Republic of China-Linked Cyber Actors Hide in Router Firmware. The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise. BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets. CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.
CISA Releases Six Industrial Control Systems Advisories
Sep 26, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software ICSA-23-269-04 Advantech EKI-1524-CE series ICSA-23-269-05 Baker Hughes Bently Nevada 3500 ICSA-23-024-02 SOCOMEC MODULYS GP (UPDATE A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Sep 25, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability CVE-2023-41993 Apple Multiple Products WebKit Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Apple Releases Security Updates for Multiple Products
Sep 22, 2023
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 17.0.1 and iPadOS 17.0.1 iOS 16.7 and iPadOS 16.7 watchOS 10.0.1 watchOS 9.6.3 Safari 16.6.1 macOS Ventura 13.6 macOS Monterey 12.7
CISA Adds One Known Exploited Vulnerability to Catalog
Sep 21, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41179 Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Atlassian Releases September Security Bulletin
Sep 21, 2023
Atlassian has released its security bulletin for September 2023 to address vulnerabilities in multiple products. A malicious cyber actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Atlassian’s September 2023 Security Bulletin and apply the necessary updates.
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Sep 21, 2023
Drupal has released a security advisory to address a vulnerability affecting multiple Drupal versions. A malicious cyber actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE- 2023-006 for more information and apply the necessary updates.
CISA Releases Six Industrial Control Systems Advisories
Sep 21, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-264-01 Real Time Automation 460 Series ICSA-23-264-02 Siemens Spectrum Power 7 ICSA-23-264-03 Delta Electronics DIAScreen ICSA-23-264-04 Rockwell Automation Select Logix Communication Modules ICSA-23-264-05 Rockwell Automation Connected Components Workbench ICSA-23-264-06 Rockwell Automation FactoryTalk View Machine Edition CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
ISC Releases Security Advisories for BIND 9
Sep 21, 2023
The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review the following ISC advisories and apply necessary updates or workarounds: CVE-2023-4236: named may terminate unexpectedly under high DNS-over-TLS query load CVE-2023-3341: A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
FBI and CISA Release Advisory on Snatch Ransomware
Sep 20, 2023
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Snatch ransomware variant. FBI investigations identified these IOCs and TTPs as recently as June 1, 2023. Snatch threat actors operate a ransomware-as-a-service (RaaS) model and change their tactics according to current cybercriminal trends and successes of other ransomware operations. FBI and CISA encourage organizations review the joint CSA for recommended steps and best practices to reduce the likelihood and impact of Snatch ransomware incidents. For general ransomware guidance, visit StopRansomware.gov, which provides resources, including the updated Joint #StopRansomware Guide. To report incidents and anomalous activity, contact a local FBI field office or CISA, either through the agency’s Incident Reporting System or the 24/7 Operations Center at report@cisa.gov or (888) 282-0870.
CISA Releases Four Industrial Control Systems Advisories
Sep 19, 2023
CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip ICSA-23-262-04 Omron Engineering Software ICSA-23-262-05 Omron CJ/CS/CP Series CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Sep 19, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28434 MinIO Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
Sep 18, 2023
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability CVE-2021-3129 Laravel Ignition File Upload Vulnerability CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability CVE-2022-31463 Owl Labs Meeting Owl Improper Authentication Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture
Sep 15, 2023
Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM architectures. Prior to this release, there was no singular, authoritative, and recognized reference for architecting an ICAM capability across an enterprise. This publication provides: a description of the federal ICAM practice area, including how ICAM services and components implement ICAM use cases, a description of related CDM capabilities, an introduction to federation services, and a high-level notional physical implementation. In addition, it explores zero trust architecture and illustrates how ICAM and CDM help enable it. CISA encourages federal departments and agencies to use this publication to create their most robust and effective ICAM capability. CISA’s Continuous Diagnostics and Mitigation Program web page offers additional resources.
Fortinet Releases Security Updates for Multiple Products
Sep 15, 2023
Fortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisories (FG-IR-23-106 and FG-IR-23-068) and apply the necessary updates.
CISA Releases Seven Industrial Control Systems Advisories
Sep 14, 2023
CISA released seven Industrial Control Systems (ICS) advisories on September 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-257-01 Siemens SIMATIC, SIPLUS Products ICSA-23-257-02 Siemens Parasolid ICSA-23-257-03 Siemens QMS Automotive ICSA-23-257-04 Siemens RUGGEDCOM APE1808 Product ICSA-23-257-05 Siemens SIMATIC IPCs ICSA-23-257-06 Siemens WIBU Systems CodeMeter ICSA-23-257-07 Rockwell Automation Pavilion8 CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Vulnerability to Catalog
Sep 14, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26369 Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
