US CERT Current Activity
Google Releases Security Updates for Chrome, CVE-2020-16009
Nov 3, 2020
Original release date: November 3, 2020Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release Note and apply the necessary updates immediately. This product is provided subject to this Notification and this Privacy & Use policy.
Oracle Releases Out-of-Band Security Alert
Nov 2, 2020
Original release date: November 2, 2020Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators review the Oracle Security Alert and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA and FBI Release Joint Advisory on Iranian APT Actor Targeting Voter Registration Data
Oct 30, 2020
Original release date: October 30, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory on an Iranian advanced persistent threat (APT) actor targeting U.S. state websites, including elections websites, to obtain voter registration data. Joint Cybersecurity Advisory AA20-304A: Iranian APT Actor Identified Obtaining Voter Registration Data provides indicators of compromise and recommended mitigations for affected entities. Analysis by CISA and the FBI indicates this actor scanned state websites, to include state election websites, between September 20 and September 28, 2020, with the Acunetix vulnerability scanner. Additionally, CISA and the FBI observed this actor attempting to exploit websites to obtain copies of voter registration data between September 29 and October 17, 2020. This includes attempted exploitation of known vulnerabilities, directory traversal, Structured Query Language (SQL) injection, web shell uploads, and leveraging unique flaws in websites. CISA and the FBI can confirm that the actor successfully obtained voter registration data for at least one state. CISA and the FBI advise organizations that do not regularly use Acunetix to monitor their logs for any related activity that originates from IP addresses provided in this advisory and consider it malicious reconnaissance behavior. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Warns of Continued Exploitation of CVE-2020-1472
Oct 29, 2020
Original release date: October 29, 2020Microsoft has released a blog post on cyber threat actors exploiting CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. The Cybersecurity and Infrastructure Security Agency (CISA) has observed nation state activity exploiting this vulnerability. This malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. CISA urges administrators to patch all domain controllers immediately—until every domain controller is updated, the entire infrastructure remains vulnerable, as threat actors can identify and exploit a vulnerable system in minutes. CISA has released a patch validation script to detect unpatched Microsoft domain controllers. If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed that malicious cyber actors have compromised all identity services. In the coming weeks and months, administrators should take follow-on actions that are described in guidance released by Microsoft to prepare for the second half of Microsoft’s Netlogon migration process, which is scheduled to conclude in February 2021. CISA encourages users and administrators to review the following resources and apply the necessary updates and mitigations. Microsoft blog post: Attacks exploiting Netlogon vulnerability (CVE-2020-1472) Microsoft: August Security Advisory for CVE-2020-1472 Microsoft: How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 CISA Patch Validation Script CISA Joint Cybersecurity Advisory: AA20-283A APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations This product is provided subject to this Notification and this Privacy & Use policy.
CISA and CNMF Identify a New Malware Variant: Zebrocy
Oct 29, 2020
Original release date: October 29, 2020Content: The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant—referred to as Zebrocy—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal. CISA encourages users and administrators to review Malware Analysis Report MAR-10310246r1.v1 and U.S. Cyber Command’s VirusTotal page for more information. This product is provided subject to this Notification and this Privacy & Use policy.
CISA, FBI, and CNMF Identify a New Malware Variant: ComRAT
Oct 29, 2020
Original release date: October 29, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense Cyber National Mission Force (CNMF) have identified a malware variant—referred to as ComRAT—used by the Russian-sponsored advanced persistent threat (APT) actor Turla. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal. CISA encourages users and administrators to review Malware Analysis Report MAR-10310246-2.v1 and U.S. Cyber Command’s VirusTotal page for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Ransomware Activity Targeting the Healthcare and Public Health Sector
Oct 28, 2020
Original release date: October 28, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans. CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Update for Edge
Oct 26, 2020
Original release date: October 26, 2020Microsoft has released a security update to address vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the latest entry for Microsoft Security Advisory ADV200002 apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors
Oct 22, 2020
Original release date: October 22, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity. Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets Joint Cybersecurity Advisory: AA20-296B Iranian State-Sponsored Advanced Persistent Threat Actors Threaten Election-Related Systems AA20-296A updates a previous joint CISA-FBI cybersecurity advisory and provides information on Russian state-sponsored actors targeting U.S. state, local, tribal, and territorial (SLTT) government networks, as well as aviation networks. In limited instances, this activity has resulted in unauthorized access to IT systems used by U.S. election officials. AA20-296B details Iranian APT actors working to influence and interfere with the U.S. elections to sow discord among voters and undermine public confidence in the U.S. electoral process. These actors have taken part in spear-phishing campaigns, website defacements, and disinformation campaigns to spread obtained U.S. voter-registration data, anti-American propaganda, and misinformation about voter suppression, voter fraud, and ballot fraud. Both joint cybersecurity advisories contain information on exploited vulnerabilities and recommended mitigation actions for affected organizations to pursue. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Oct 22, 2020
Original release date: October 22, 2020Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox and Firefox ESR
Oct 21, 2020
Original release date: October 21, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 82 and Firefox ESR 78.4 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Oct 21, 2020
Original release date: October 21, 2020Google has released Chrome version 86.0.4240.111 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary changes. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Oct 21, 2020
Original release date: October 21, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Illustrator APSB20-53 Dreamweaver APSB20-55 Marketo APSB20-60 Animate APSB20-61 After Effects APSB20-62 Photoshop APSB20-63 Premiere Pro APSB20-64 Media Encoder APSB20-65 InDesign APSB20-66 Creative Cloud Desktop Application APSB20-68 This product is provided subject to this Notification and this Privacy & Use policy.
Oracle Releases October 2020 Security Bulletin
Oct 20, 2020
Original release date: October 20, 2020Oracle has released its Critical Patch Update for October 2020 to address 402 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle October 2020 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
NSA Releases Advisory on Chinese State-Sponsored Actors Exploiting Publicly Known Vulnerabilities
Oct 20, 2020
Original release date: October 20, 2020The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages critical system administrators to prioritize the immediate patching of the CVEs in NSA’s advisory and to review CISA’s Alert Potential for China Cyber Response to Heightened U.S.–China Tensions, which details potential cyber response to heightened tensions between the United States and China and provides specific tactics, techniques, and procedures (TTPs) and recommended mitigations to the cybersecurity community to assist in the protection of our Nation’s critical infrastructure. Review the CISA's Chinese Malicious Cyber Activity page for more information on Chinese malicious cyber activity. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for Multiple Products
Oct 20, 2020
Original release date: October 20, 2020VMware has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0023 and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Oct 16, 2020
Original release date: October 16, 2020Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
NCSC Releases Alert on Microsoft SharePoint Vulnerability
Oct 16, 2020
Original release date: October 16, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020 Security Advisory for CVE-2020-16952 can prevent exploitation of this vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert and the Microsoft Security Advisory for CVE-2020-16952 for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Magento
Oct 16, 2020
Original release date: October 16, 2020Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-59 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Juniper Networks Releases Security Updates for Multiple Products
Oct 15, 2020
Original release date: October 15, 2020Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
