US CERT Current Activity
WordPress Releases Security Update
May 13, 2021
Original release date: May 13, 2021WordPress versions between 3.7 and 5.7.1 are affected by a security vulnerability. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.7.2. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
May 11, 2021
Original release date: May 11, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases May 2021 Security Updates
May 11, 2021
Original release date: May 11, 2021Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2021 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Citrix Releases Security Updates for Workspace App for Windows
May 11, 2021
Original release date: May 11, 2021Citrix has released security updates to address a vulnerability in Citrix Workspace App for Windows. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX307794 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Juniper Networks Releases Security Updates
May 11, 2021
Original release date: May 11, 2021Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper's 2021-05 Out-of-Cycle Security Bulletin and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware
May 11, 2021
Original release date: May 11, 2021CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure (CI) company. Cybercriminal groups use DarkSide to gain access to a victim’s network to encrypt and exfiltrate data. These groups then threaten to expose data if the victim does not pay the ransom. Groups leveraging DarkSide have recently been targeting organizations across various CI sectors including manufacturing, legal, insurance, healthcare, and energy. Prevention is the most effective defense against ransomware. It is critical to follow best practices to protect against ransomware attacks, which can be devastating to an individual or organization and recovery may be a difficult process. In addition to the Joint CSA, CISA and FBI urge CI asset owners and operators to review the following resources for best practices on strengthening cybersecurity posture: CISA and Multi-State Information Sharing and Analysis Center: Joint Ransomware Guide CISA webpage: Ransomware Guidance and Resources CISA Insights: Ransomware Outbreak CISA Pipeline Cybersecurity Initiative CISA Pipeline Cybersecurity Resources Library Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
May 11, 2021
Original release date: May 11, 2021Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Exim Releases Security Update
May 7, 2021
Original release date: May 7, 2021Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Exim 4.94.2 update page and apply the necessary update. CISA also encourages users and administrators to review Center for Internet Security Advisory 2021-064 for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Joint NCSC-CISA-FBI-NSA Cybersecurity Advisory on Russian SVR Activity
May 7, 2021
Original release date: May 7, 2021CISA has joined with the United Kingdom's National Cyber Security Centre (NCSC), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. Further TTPs associated with SVR cyber actors provides additional details on SVR activity including exploitation activity following their initial compromise of SolarWinds Orion software supply chain. CISA has also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise that provides summaries of three key joint publications that focus on SVR activities related to the SolarWinds Orion supply chain compromise. CISA strongly encourages users and administrators to review the joint advisory as well as the other two advisories summarized on the fact sheet for mitigation strategies to aid organizations in securing their networks against Russian SVR activity. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
May 6, 2021
Original release date: May 6, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates: • Cisco SD-WAN vManage Software Vulnerabilities cisco-sa-sd-wan-vmanage-4TbynnhZ • Cisco HyperFlex HX Command Injection Vulnerabilities cisco-sa-hyperflex-rce-TjjNrkpR • Cisco SD-WAN Software vDaemon Denial of Service Vulnerability cisco-sa-sdwan-dos-Ckn5cVqW • Cisco SD-WAN vEdge Software Buffer Overflow Vulnerabilities cisco-sa-sdwan-buffover-MWGucjtO • Cisco SD-WAN vManage Software Authentication Bypass Vulnerability cisco-sa-sdw-auth-bypass-65aYqcS2 • Cisco Small Business 100, 300, and 500 Series Wireless Access Points Vulnerabilities cisco-sa-sb-wap-multi-ZAfKGXhF • Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability cisco-sa-nfvis-cmdinj-DkFjqg2j • Cisco Unified Communications Manager IM & Presence Service SQL Injection Vulnerabilities cisco-sa-imp-inj-ereCOKjR • Cisco AnyConnect Secure Mobility Client for Windows DLL and Executable Hijacking Vulnerabilities cisco-sa-anyconnect-code-exec-jR3tWTA6 This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
May 6, 2021
Original release date: May 6, 2021Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 88.0.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Update
May 6, 2021
Original release date: May 6, 2021VMware has released a security update to address a vulnerability in VMware vRealize Business for Cloud. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0007 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Analysis Reports on New FiveHands Ransomware
May 6, 2021
Original release date: May 6, 2021CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands Ransomware to provide analysis of the threat actor’s tactics, techniques, and procedures as well as indicators of compromise (IOCs). These reports also provide CISA’s recommended mitigations for strengthening networks to protect against, detect, and respond to potential FiveHands ransomware attacks. CISA encourages organizations to review AR21-126A and MAR-10324784.r1.v1 for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates
May 4, 2021
Original release date: May 4, 2021Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. macOS Big Sur 11.3.1 iOS 14.5.1 and iPadOS 14.5.1 iOS 12.5.3 watchOS 7.4.1 This product is provided subject to this Notification and this Privacy & Use policy.
Ivanti Releases Pulse Secure Security Update
May 3, 2021
Original release date: May 3, 2021Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20 and added detection information on April 30. CISA strongly encourages customers using Ivanti Pulse Connect Secure appliances to review the blog post and apply the necessary updates. For additional information, CISA recommends reviewing the following resources and tools below. CISA Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities Pulse Security Integrity Checker Tool This product is provided subject to this Notification and this Privacy & Use policy.
Codecov Releases New Detections for Supply Chain Compromise
Apr 30, 2021
Original release date: April 30, 2021CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021, Codecov notified customers of the compromise and on April 29, 2021, Codecov released an update containing new detections—including indicators of compromise (IOCs) and a non-exhaustive data set of likely compromised environment variables—to assist organizations in determining whether they have been affected. CISA urges all Codecov users to review the Codecov update and: Search for the IOCs provided. Log in to Codecov to see any additional information specific to their organization and repositories. Affected users should immediately implement the guidance in the Recommended Actions for Affected Users and FAQ sections of Codecov’s update. CISA recommends giving special attention to Codecov’s guidance on changing (“re-rolling”) potentially affected credentials, tokens, and keys. CISA also recommends revoking and reissuing any potentially affected certificates. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Apr 30, 2021
Original release date: April 30, 2021The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for CVE-2021-20254 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Updates Alert on Pulse Connect Secure
Apr 30, 2021
Original release date: April 30, 2021CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, originally released April 20. This update adds a new Detection section providing information on Impossible Travel and Transport Layer Security (TLS) Fingerprinting that may be useful in identifying malicious activity. CISA encourages users and administrators to review the following resources for more information: AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities Emergency Directive 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities
Apr 29, 2021
Original release date: April 29, 2021CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. CISA encourages users and administrators to review the ICS Advisory for mitigation recommendations and available updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Apr 29, 2021
Original release date: April 29, 2021Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability cisco-sa-memc-dos-fncTyYKG Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability isco-sa-ftd-ssl-decrypt-dos-DdyLuK6c Cisco Firepower Threat Defense Software Command Injection Vulnerability cisco-sa-ftd-cmdinj-vWY5wqZT Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services VPN Denial of Service Vulnerabilities cisco-sa-asa-ftd-vpn-dos-fpBcpEcD Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software SIP Denial of Service Vulnerability cisco-sa-asa-ftd-sipdos-GGwmMerC This product is provided subject to this Notification and this Privacy & Use policy.
