US CERT Current Activity
VMware Releases Security Updates for Multiple Products
May 29, 2020
Original release date: May 29, 2020VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2020-0011 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for CML and VIRL-PE
May 29, 2020
Original release date: May 29, 2020Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates or workaround. This product is provided subject to this Notification and this Privacy & Use policy.
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
May 28, 2020
Original release date: May 28, 2020The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts. Although Exim released a security update for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according NSA’s advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA’s Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors and Exim’s page on CVE-2019-10149 for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates
May 27, 2020
Original release date: May 27, 2020Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra Windows Migration Assistant 2.2.0.0 Safari 13.1.1 iCloud for Windows 11.2 iCloud for Windows 7.19 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Update for Edge
May 22, 2020
Original release date: May 22, 2020Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
May 22, 2020
Original release date: May 22, 2020Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Unified Contact Center Express Remote Code Execution Vulnerability cisco-sa-uccx-rce-GMSC6RKN Prime Network Registrar DHCP Denial-of-Service Vulnerability cisco-sa-cpnr-dhcp-dos-BkEZfhLP For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. This product is provided subject to this Notification and this Privacy & Use policy.
ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020
May 22, 2020
Original release date: May 22, 2020The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review ACSC’s Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks and MITRE’s ATT&CK for Enterprise framework for more information. This product is provided subject to this Notification and this Privacy & Use policy.
CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems
May 22, 2020
Original release date: May 22, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS). The two-page infographic summarizes common ICS risk considerations, short- and long-term cybersecurity event impacts, best practices to defend ICS processes, and highlights NCSC's product on Secure Design Principles and Operational Technology. CISA, DOE, and NCSC encourage users to review Cybersecurity Best Practices for Industrial Control Systems. For more in-depth information, visit CISA’s ICS Recommended Practices webpage and DOE's Cybersecurity Capability Maturity Model (C2M2) Program webpage. For information on CISA Assessments, visit https://www.cisa.gov/cyber-resource-hub. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
May 21, 2020
Original release date: May 21, 2020Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisories SA-CORE-2020-002 and SA-CORE-2020-003 for more information and to apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Update for Xcode
May 21, 2020
Original release date: May 21, 2020Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 11.5 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments
May 21, 2020
Original release date: May 21, 2020The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly attempts to steal payments, personal and financial information, and disrupt payment efforts. CISA encourages consumers to review the Joint Alert, Avoid Scams Related to Economic Payments, COVID-19, and www.cisa.gov/coronavirus for more information. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases Security Advisory for BIND
May 20, 2020
Original release date: May 20, 2020The Internet Systems Consortium (ISC) has released security advisories that addresses vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2020-8616 and CVE-2020-8617 for more information and to apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
May 20, 2020
Original release date: May 20, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Premiere Pro APSB20-27 Audition APSB20-28 Premiere Rush APSB20-29 This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
May 20, 2020
Original release date: May 20, 2020Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Update for Cloud Director
May 20, 2020
Original release date: May 20, 2020VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary updates or workaround. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Advisory for Windows DNS Servers
May 20, 2020
Original release date: May 20, 2020Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround. This product is provided subject to this Notification and this Privacy & Use policy.
CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations
May 13, 2020
Original release date: May 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to review and apply the announcement’s recommended mitigations to prevent surreptitious review or theft of COVID-19-related material. For more information on Chinese malicious cyber activity, see https://www.us-cert.gov/china. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases May 2020 Security Updates
May 12, 2020
Original release date: May 12, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2020 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
May 12, 2020
Original release date: May 12, 2020Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-24 and APSB20-26 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
North Korean Malicious Cyber Activity
May 12, 2020
Original release date: May 12, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released the three malware samples to the malware aggregation tool and repository, VirusTotal. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above, U.S. Cyber Command’s VirusTotal page, and CISA’s North Korean Malicious Cyber Activity page for more information. This product is provided subject to this Notification and this Privacy & Use policy.
