US CERT Current Activity
Adobe Releases Security Updates for Multiple Products
Apr 11, 2023
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Digital Editions APSB23-04 InCopy APSB23-13 Acrobat and Reader APSB23-24 Substance 3D Stager APSB23-26 Dimension APSB23-27 Substance 3D Designer APSB23-28
CISA Adds One Known Exploited Vulnerability to Catalog
Apr 11, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28252 Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Apple Releases Security Updates for Multiple Products
Apr 11, 2023
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7.5 and iPadOS 15.7.5 macOS Monterey 12.6.5 macOS Big Sur 11.7.6 Safari 16.4.1 iOS 16.4.1 and iPadOS 16.4.1 macOS Ventura 13.3.1
CISA Releases Zero Trust Maturity Model Version 2
Apr 11, 2023
CISA has released an update to the Zero Trust Maturity Model (ZTMM), superseding the initial version released in September 2021. ZTMM provides a roadmap for agencies to reference as they transition towards a zero-trust architecture. ZTMM also provides a gradient of implementation across five distinct pillars to facilitate federal implementation, allowing agencies to make minor advancements toward optimization over time. The objective of this update is to facilitate the distribution of the ZTMM Version 2 and educate federal civilian agencies on the updated ZTMM and its application to their zero-trust implementations. CISA encourages state, local, tribal, and territorial governments, and the private sector to use ZTMM as a baseline for implementing zero trust architecture.
CISA Releases Two Industrial Control Systems Advisories
Apr 11, 2023
CISA released two Industrial Control Systems (ICS) advisories on April 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-101-01 FANUC ROBOGUIDE-HandlingPRO ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update K) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Apr 10, 2023
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28206 Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability CVE-2023-28205 Apple iOS, iPadOS, and macOS WebKit Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
Apr 7, 2023
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-27876 Veritas Backup Exec Agent File Access Vulnerability CVE-2021-27877 Veritas Backup Exec Agent Improper Authentication Vulnerability CVE-2021-27878 Veritas Backup Exec Agent Command Execution Vulnerability CVE-2019-1388 Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability CVE-2023-26083 Arm Mali GPU Kernel Driver Information Disclosure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Cisco Releases Security Advisories for Multiple Products
Apr 7, 2023
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Secure Network Analytics Remote Code Execution Vulnerability cisco-sa-stealthsmc-rce-sfNBPjcS Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities cisco-sa-sb-rv32x-cmdinject-cKQsZpxL Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities cisco-sa-adeos-MLAyEcvk For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA Releases Seven Industrial Control Systems Advisories
Apr 6, 2023
CISA released seven Industrial Control Systems (ICS) advisories on April 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-096-01 Industrial Control Links ScadaFlex II SCADA Controllers ICSA-23-096-02 JTEKT Screen Creator Advance 2 ICSA-23-096-03 JTEKT Kostac PLC ICSA-23-096-04 Korenix Jetwave ICSA-23-096-05 Hitachi Energy MicroSCADA System Data Manager SDM600 ICSA-23-096-06 mySCADA myPRO ICSA-20-051-02 Rockwell Automation FactoryTalk Diagnostics (Update A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Releases One Industrial Control Systems Advisory
Apr 4, 2023
CISA released one Industrial Control Systems (ICS) advisory on April 4, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-094-01 Nexx Smart Home Device CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Apr 3, 2023
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.
Mozilla Releases Security Update for Thunderbird 102.9.1
Mar 31, 2023
Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s Thunderbird 102.9.1 security advisory for more information and apply the necessary updates.
Samba Releases Security Updates for Multiple Versions of Samba
Mar 31, 2023
The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following announcements and apply the necessary updates: CVE-2023-0225 CVE-2023-0922 CVE-2023-0614
CISA Releases One Industrial Control Systems Advisory
Mar 30, 2023
CISA released one Industrial Control Systems (ICS) advisory on March 30, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-089-01 Hitachi Energy IEC 61850 MMS-Server CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Supply Chain Attack Against 3CXDesktopApp
Mar 30, 2023
CISA is aware of open-source reports describing a supply chain attack against 3CX software and their customers. According to the reports, 3CXDesktopApp — a voice and video conferencing app — was trojanized, potentially leading to multi-staged attacks against users employing the vulnerable app. CISA urges users and organizations to review the following reports for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity: CrowdStrike: Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers SentinelOne: SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack DesktopApp: 3CX DesktopApp Security Alert
CISA Adds Ten Known Exploited Vulnerabilities to Catalog
Mar 30, 2023
CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2017-7494 Samba Remote Code Execution Vulnerability CVE-2022-42948 Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability CVE-2022-39197 Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability CVE-2021-30900 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability CVE-2022-38181 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2023-0266 Linux Kernel Use-After-Free Vulnerability CVE-2022-3038 Google Chrome Use-After-Free Vulnerability CVE-2022-22706 Arm Mali GPU Kernel Driver Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Apple Releases Security Updates for Multiple Products
Mar 28, 2023
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. macOS Ventura 13.3 Safari 16.4 Studio Display Firmware Update 16.4 iOS 15.7.4 and iPadOS 15.7.4 tvOS 16.4 macOS Big Sur 11.7.5 iOS 16.4 and iPadOS 16.4 macOS Monterey 12.6.4 watchOS 9.4 Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments
Mar 23, 2023
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to: Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity. Query, export, and investigate AAD, M365, and Azure configurations. Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics. Perform time bounding of the UAL. Extract data within those time bounds. Collect and review data using similar time bounding capabilities for MDE data. Untitled Goose Tool was developed by CISA with support from Sandia National Laboratories. Network defenders can see the Untitled Goose Tool fact sheet and visit the Untitled Goose Tool GitHub repository to get started. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.
Cisco Releases Security Advisories for Multiple Products
Mar 23, 2023
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability cisco-sa-ipv4-vfr-dos-CXxtFacb Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability cisco-sa-iox-priv-escalate-Xg8zkyPk Cisco IOS XE SD-WAN Software Command Injection Vulnerability cisco-sa-ios-xe-sdwan-VQAhEjYw Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability cisco-sa-ios-gre-crash-p6nE5Sq5 Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability cisco-sa-ios-dhcpv6-dos-44cMvdDK Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability cisco-sa-ewlc-dos-wFujBHKw Cisco DNA Center Privilege Escalation Vulnerability cisco-sa-dnac-privesc-QFXe74RS Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability cisco-sa-c9300-spi-ace-yejYgnNQ Cisco Access Point Software Association Request Denial of Service Vulnerability cisco-sa-ap-assoc-dos-D2SunWK2 For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Please share your thoughts. We recently updated our anonymous Product Feedback Survey; we'd welcome your feedback.
JCDC Cultivates Pre-Ransomware Notification Capability
Mar 23, 2023
In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, Water and Wastewater Systems sectors, as well as the education community. The pre-ransomware notification was cultivated with the help of the cybersecurity research community and through CISA’s relationships with infrastructure providers and cyber threat intelligence companies. For more information, visit #StopRansomware. To report early-stage ransomware activity, visit Report Ransomware. CISA also encourages stakeholders and network defenders to review associate director Romans’ post, Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs, to learn more about CISA’s Pre-Ransomware Notification Initiative. Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.
