US CERT Current Activity
NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services
Jan 11, 2023
Original release date: January 11, 2023The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations. The post discusses the trade-offs involved as well as specific security checks organizations should make to confirm the MSP’s ability to defend against cyber threats. CISA encourages organizations using MSPs for administering cloud services to implement the guidance NCSC-UK provides in the blog post. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Jan 10, 2023
Original release date: January 10, 2023Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Adobe Acrobat and Reader APSB23-01 Adobe InDesign APSB23-07 Adobe InCopy APSB23-08 Adobe Dimension APSB23-10 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases January 2023 Security Updates
Jan 10, 2023
Original release date: January 10, 2023Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2023 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jan 10, 2023
Original release date: January 10, 2023CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Two Industrial Control Systems Advisories
Jan 10, 2023
Original release date: January 10, 2023CISA released two Industrial Control Systems (ICS) advisories on January 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-010-01 Black Box KVM ICSA-22-298-07 Delta Electronics InfraSuite Device Master (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Three Industrial Systems Control Advisories
Jan 5, 2023
Original release date: January 5, 2023CISA released three Industrial Control Systems (ICS) advisories on January 5 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-005-01 Hitachi Energy UNEM ICSA-23-005-02 Hitachi Energy FOXMAN-UN ICSA-23-005-03 Hitachi Energy Lumada Asset Performance Management This product is provided subject to this Notification and this Privacy & Use policy.
Fortinet Releases Security Updates for FortiADC
Jan 4, 2023
Original release date: January 4, 2023Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-061 and apply the recommended updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Dec 29, 2022
Original release date: December 29, 2022CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Four Industrial Control Systems Advisories
Dec 22, 2022
Original release date: December 22, 2022CISA released four Industrial Control Systems (ICS) advisories on December 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-356-01 Priva TopControl Suite ICSA-22-356-02 Rockwell Automation Studio 5000 Logix Emulate ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series ICSA-22-356-04 Omron CX-Programmer This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Six Industrial Control Systems Advisories
Dec 20, 2022
Original release date: December 20, 2022CISA released six Industrial Control Systems (ICS) advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-354-01 Fuji Electric Tellus Lite V-Simulator ICSA-22-354-02 Rockwell Automation GuardLogix and ControlLogix ICSA-22-354-03 ARC Informatique PcVue ICSA-22-354-04 Rockwell Automation MicroLogix 1100 and 1400 ICSA-22-354-05 Delta 4G Router DX-3021 ICSA-22-349-01 Prosys OPC UA Simulation Server (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Dec 16, 2022
Original release date: December 16, 2022The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates. CVE-2022-38023 CVE-2022-37966 CVE-2022-37967 CVE-2022-45141 This product is provided subject to this Notification and this Privacy & Use policy.
FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food
Dec 16, 2022
Original release date: December 16, 2022The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard “need-to-knows” (i.e., necessary information about ingredients, allergens, or expiration dates). For more information, CISA encourages organizations to review the guidance provided by the FBI, FDA OCI, and USDA in joint CSA Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients—whereby businesses are urged “to use a risk-informed analysis to prepare for, mitigate, and respond to cyber incidents and cyber-enabled crime.” This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Forty-One Industrial Control Systems Advisories
Dec 15, 2022
Original release date: December 15, 2022CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-349-01 Prosys OPC UA Simulation ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products ICSA-22-349-04 Siemens Multiple Vulnerabilities in SCALANCE Products ICSA-22-349-05 Siemens PLM Help Server ICSA-22-349-06 Siemens SIMATIC WinCC OA Ultralight Client ICSA-22-349-07 Siemens Simcenter STAR-CCM+ ICSA-22-349-08 Siemens Polarion ALM ICSA-22-349-09 Siemens Products affected by OpenSSL 3.0 ICSA-22-349-10 Siemens APOGEE_TALON Field Panels ICSA-22-349-11 Siemens SIPROTEC 5 Devices ICSA-22-349-12 Siemens Parasolid ICSA-22-349-13 Siemens Mendix Workflow Commons ICSA-22-349-14 Siemens SISCO MMS-EASE Third Party Component ICSA-22-349-15 Siemens Teamcenter Visualization and JT2Go ICSA-22-349-16 Siemens APOGEE and TALON ICSA-22-349-17 Siemens Mendix Email Connector ICSA-22-349-18 Siemens SCALANCE SC-600 Family ICSA-22-349-19 Siemens SICAM PAS ICSA-22-349-20 Siemens Teamcenter Visualization and JT2Go ICSA-22-349-21 Siemens SCALANCE X-200RNA Switch Devices ICSA-21-012-02 Siemens SCALANCE X Switches (Update C) ICSA-20-014-03 Siemens SCALANCE X Switches (Update B) ICSA-20-042-07 Siemens SCALANCE X Switches (Update C) ICSA-22-069-01 Siemens RUGGEDCOM Devices (Update D) ICSA-21-222-05 Siemens Industrial Products Intel CPUs (Update G) ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update K) ICSA-22-286-09 Siemens SICAM P850 and P855 Devices (Update A) ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products (Update B) ICSA-22-258-04 Siemens Mendix SAML Module (Update B) ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update E) ICSA-22-286-07 Siemens Nucleus RTOS FTP Server (Update A) ICSA-22-314-09 Siemens Teamcenter Visualization and JT2Go (Update A) ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers (Update A) ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update E) ICSA-22-132-05 Siemens Industrial PCs and CNC devices (Update A) ICSA-22-104-13 Siemens SIMATIC S7-1500 CPU GNU Linux subsystem (Update A) ICSA-18-163-02 Siemens SCALANCE X Switches (Update B) ICSA-22-132-12 Siemens Industrial Products (Update C) ICSA-20-105-08 Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D) ICSA-19-283-02 Siemens Profinet Devices (Update L) This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Dec 15, 2022
Original release date: December 15, 2022Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Consolidates Twitter Accounts
Dec 15, 2022
Original release date: December 15, 2022CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other info relevant to the cybersecurity community. @CISAgov will continue to provide agencywide content or non-urgent ICS updates. @CISAJen will continue to include posts across a variety of topics coming straight from the CISA director. CISA encourages followers of the @ICSCERT, @Cyber, and @CISAInfraSec Twitter accounts to follow @CISACyber and @CISAgovTwitter accounts to keep receiving important CISA messages and information. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds One Known Exploited Vulnerability to Catalog
Dec 14, 2022
Original release date: December 14, 2022CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates for Multiple Products
Dec 13, 2022
Original release date: December 13, 2022Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible: iCloud for Windows 14.1 Safari 16.2 macOS Monterey 12.6.2 macOS Big Sur 11.7.2 tvOS 16.2 watchOS 9.2 iOS 15.7.2 and iPadOS 15.7.2 iOS 16.2 and iPadOS 16.2 macOS Ventura 13.1 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases December 2022 Security Updates
Dec 13, 2022
Original release date: December 13, 2022Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Updates Advisory on #StopRansomware: Cuba Ransomware
Dec 13, 2022
Original release date: December 13, 2022The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Dec 13, 2022
Original release date: December 13, 2022Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems. This product is provided subject to this Notification and this Privacy & Use policy.
