US CERT Current Activity
CISA Announces Vulnerability Disclosure Policy (VDP) Platform
Jul 30, 2021
Original release date: July 30, 2021CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can leverage as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis. This new platform allows agencies to gain greater insights into potential vulnerabilities, which will improve their cybersecurity posture. This approach also means agencies no longer need to develop separate systems to enable vulnerability reporting and triage of identified vulnerabilities, providing government-wide cost savings that CISA estimates at over $10 million. For more details, see the blog post by CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein. This product is provided subject to this Notification and this Privacy & Use policy.
NSA Releases Guidance on Securing Wireless Devices While in Public
Jul 30, 2021
Original release date: July 30, 2021The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against it. CISA encourages organization leaders, administrators, and users to review NSA’s guidance on Securing Wireless Devices in Public Settings and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting devices and data. This product is provided subject to this Notification and this Privacy & Use policy.
Top Routinely Exploited Vulnerabilities
Jul 28, 2021
Original release date: July 28, 2021CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely exploited thus far in 2021. CISA encourages users and administrators to review the Joint Cybersecurity Advisory for information on assessing and remediating vulnerabilities as quickly as possible to reduce the risk of exploitation. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Security Advisory for Geutebruck Devices
Jul 27, 2021
Original release date: July 27, 2021CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in multiple Geutebruck G-CAM E2 series devices and Encoder G-Code versions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS Advisory ICSA-21-208-03 Geutebruck G-Cam E2 and G-Code and apply the necessary updates and workarounds This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates
Jul 27, 2021
Original release date: July 27, 2021Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates: MacOS Big Sur 11.5.1 iOS 14.7.1 and iPadOS 14.7.1 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
Jul 27, 2021
Original release date: July 27, 2021On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address a NTLM Relay Attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Jul 22, 2021
Original release date: July 22, 2021Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Jul 22, 2021
Original release date: July 22, 2021Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Drupal security advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
2021 CWE Top 25 Most Dangerous Software Weaknesses
Jul 21, 2021
Original release date: July 21, 2021The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. CISA encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt. This product is provided subject to this Notification and this Privacy & Use policy.
Malware Targeting Pulse Secure Devices
Jul 21, 2021
Original release date: July 21, 2021As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports (MARs) for threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) and to review CISA’s Alert Exploitation of Pulse Connect Secure Vulnerabilities for more information. MARS: MAR-10333209-1.v1: Pulse Connect Secure MAR-10333243-1.v1: Pulse Connect Secure MAR-10334057-1.v1: Pulse Connect Secure MAR-10334057-2.v1: Pulse Connect Secure MAR-10334587-1.v1: Pulse Connect Secure MAR-10334587-2.v1: Pulse Connect Secure MAR-10335467-1.v1: Pulse Connect Secure MAR-10336161-1.v1: Pulse Connect Secure MAR-10336935-1.v1: Pulse Connect Secure MAR-10337580-1.v1: Pulse Connect Secure MAR-10337580-2.v1: Pulse Connect Secure MAR-10338401-1.v1: Pulse Connect Secure MAR-10338868-1.v1: Pulse Connect Secure This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Jul 21, 2021
Original release date: July 21, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: APSB21-63 Photoshop APSB21-62 Audition APSB21-59 Character Animator APSB21-58 Prelude APSB21-56 Premiere Pro APSB21-54 After Effects APSB21-43 Media Encoder This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates
Jul 21, 2021
Original release date: July 21, 2021Apple has released security updates to address vulnerabilities in Safari 14.1.2 and iOS 14.7. CISA encourages users and administrators to review the Apple security updates page and apply the necessary updates when available. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Jul 21, 2021
Original release date: July 21, 2021Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Significant Historical Cyber-Intrusion Campaigns Targeting ICS
Jul 20, 2021
Original release date: July 20, 2021Protecting our Nation’s critical infrastructure is the responsibility of federal and state, local, tribal, and territorial (SLTT) governments and owners and operators of that infrastructure. The cybersecurity threats posed to the industrial control systems (ICS) that control and operate critical infrastructure are among the most significant and growing issues confronting our Nation. To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS: Joint CISA-FBI Cybersecurity Advisory (CSA): AA21-201A: Gas Pipeline Intrusion Campaign, 2011-2013 Note: CISA released the initial version of this publication to affected stakeholders in 2012. ICS Joint Security Awareness Report: JSAR-12-241-01B: Shamoon/DistTrack Malware (Update B) ICS Advisory: ICSA-14-178-01: ICS Focused Malware – Havex ICS Alert: ICS-ALERT-14-281-01E: Ongoing Sophisticated Malware Campaign Compromising ICS (Update E) ICS Alert: IR-ALERT-H-16-056-01: Cyber-Attack Against Ukrainian Critical Infrastructure Technical Alert: TA17-163A: CrashOverride Malware CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA AA21-201A: Gas Pipeline Intrusion Campaign, 2011-2013. CISA also encourages owners and operators to review AR-17-20045: Enhanced Analysis of Malicious Cyber Activity. These products contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations’ exposure to cyber threats. Note: although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions. CISA encourages critical infrastructure owners and operators to report cyber incidents to CISA. Note: for information on the U.S. Department of State’s reward program for identifying persons who participate in the malicious cyber activities against U.S. critical infrastructure, see the U.S. Department of State press release. This product is provided subject to this Notification and this Privacy & Use policy.
Oracle Releases July 2021 Critical Patch Update
Jul 20, 2021
Original release date: July 20, 2021Oracle has released its Critical Patch Update for July 2021 to address 327 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle July 2021 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Citrix Releases Security Updates
Jul 20, 2021
Original release date: July 20, 2021Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX319135 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity
Jul 19, 2021
Original release date: July 19, 2021CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response: The White House has released a statement attributing recent Microsoft Exchange server exploitation activity to the People’s Republic of China (PRC). The Department of Justice has indicted four Chinese cyber actors from the advanced persistent threat (APT) group APT40 for malicious cyber activities, carried out on orders from PRC Ministry of State Security (MSS) Hainan State Security Department (HSSD). These activities resulted in the theft of trade secrets, intellectual property, and other high-value information from companies and organizations in the United States and abroad, as well as from multiple foreign governments. CISA and FBI have released Joint Cybersecurity Advisory: TTPs of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department to help network defenders identify and remediate APT40 intrusions and established footholds. CISA, NSA and FBI have released Joint Cybersecurity Advisory: Chinese Observed TTPs, which describes Chinese cyber threat behavior and trends and provides mitigations to help protect the Federal Government; state, local, tribal, and territorial governments; critical infrastructure, defense industrial base, and private industry organizations. CISA, NSA and FBI have released CISA Insights: Chinese Cyber Threat Overview for Leaders to help leaders understand this threat and how to reduce their organization's risk of falling victim to cyber espionage and data theft. CISA also encourages users and administrators to review the blog post, Safeguarding Critical Infrastructure against Threats from the People’s Republic of China, by CISA Executive Assistant Director Eric Goldstein and the China Cyber Threat Overview and Advisories webpage. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Jul 16, 2021
Original release date: July 16, 2021Cisco has released security updates to address a vulnerability in Adaptive Security Appliance Software Release 9.16.1 and Firepower Threat Defense Software Release 7.0.0. A remote attacker could exploit this vulnerability to cause a denial of service condition. CISA encourages users and administrators to review Cisco Advisory cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Jul 16, 2021
Original release date: July 16, 2021Google has released Chrome version 91.0.4472.164 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30563—has been detected in exploits in the wild. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Ransomware Risk in Unpatched, EOL SonicWall SRA and SMA 8.x Products
Jul 15, 2021
Original release date: July 15, 2021CISA is aware of threat actors actively targeting a known, previously patched, vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. Threat actors can exploit this vulnerability to initiate a targeted ransomware attack. CISA encourages users and administrators to review the SonicWall security advisory and upgrade to the newest firmware or disconnect EOL appliances as soon as possible. Review the CISA Bad Practices webpage to learn more about bad cybersecurity practices, such as using EOL software, that are especially dangerous for organizations supporting designated Critical Infrastructure or National Critical Functions. This product is provided subject to this Notification and this Privacy & Use policy.
