US CERT Current Activity
Google Releases Security Updates for Chrome
Sep 22, 2020
Original release date: September 22, 2020Google has updated the stable channel for Chrome to 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the stable channel update and apply the necessary changes. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Update for CVE-2020-1472
Sep 21, 2020
Original release date: September 21, 2020The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2020-1472 and apply the necessary updates or workaround. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol
Sep 18, 2020
Original release date: September 18, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild. ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information: CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday CERT/CC Vulnerability Note [VU#490028] Microsoft Security Vulnerability Information for CVE-2020-1472 Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 This product is provided subject to this Notification and this Privacy & Use policy.
CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol
Sep 17, 2020
Original release date: September 17, 2020The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. The Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the following resources and apply the necessary updates and workaround. CERT/CC Vulnerability Note VU#490028 Microsoft’s Security Advisory for CVE-2020-1472 Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Sep 17, 2020
Original release date: September 17, 2020Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates: SA-CORE-2020-007 SA-CORE-2020-008 SA-CORE-2020-009 SA-CORE-2020-010 SA-CORE-2020-011 This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates
Sep 17, 2020
Original release date: September 17, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: Safari 14.0 tvOS 14.0 watchOS 7.0 iOS 14.0 and iPadOS 14.0 Xcode 12.0 This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Update for Media Encoder
Sep 16, 2020
Original release date: September 16, 2020Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletin and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Iran-Based Threat Actor Exploits VPN Vulnerabilities
Sep 15, 2020
Original release date: September 15, 2020The Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); and tactics, techniques, and procedures (TTPs); and exploited Common Vulnerabilities and Exposures (CVEs). CISA encourages users and administrators to review the following resources for more information. Joint Cybersecurity Advisory: Iran-Based Threat Actor Exploits VPN Vulnerabilities MAR-10297887-1.v1: Iranian Web Shells This product is provided subject to this Notification and this Privacy & Use policy.
Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472
Sep 14, 2020
Original release date: September 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access. CISA encourages users and administrators to review Microsoft’s August Security Advisory for CVE-2020-1472 and Article for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies
Sep 14, 2020
Original release date: September 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the tactics, techniques, and procedures (TTPs) used by Chinese MSS-affiliated actors. CISA encourages users and administrators to review the joint cybersecurity advisory and CISA's Chinese Malicious Cyber Activity page for more information. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Insights: Email-Based Attacks on Elections-Related Entities
Sep 10, 2020
Original release date: September 10, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities in light of increased sophisticated phishing operations targeting individuals and groups involved in the upcoming U.S. elections. CISA strongly recommends elections-related individuals and organizations to prioritize the protection of email accounts and systems. Use provider-offered protections, if utilizing cloud email. Secure user accounts on high value services. Implement email authentication and other best practices. Secure email gateway capabilities. See the following resources for more information. CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities CISA Tip: Best Practices for Securing Election Systems CISA Tip: Avoiding Social Engineering and Phishing Scams Microsoft Blog: New cyberattacks targeting U.S. elections This product is provided subject to this Notification and this Privacy & Use policy.
ACSC Releases Annual Cyber Threat Report for 2019–2020
Sep 10, 2020
Original release date: September 10, 2020The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber threats and statistics from 2019–2020. The report highlights that phishing and spearphishing are still the most common cyberattacks, and ransomware has become a significant threat to operations across multiple sectors. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2019 to June 2020 and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks and webpage on Ransomware for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Sep 8, 2020
Original release date: September 8, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. InDesign APSB20-52 Framemaker APSB20-54 Experience Manager APSB20-56 This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Sep 8, 2020
Original release date: September 8, 2020Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases September 2020 Security Updates
Sep 8, 2020
Original release date: September 8, 2020Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
DoS and DDoS Attacks against Multiple Sectors
Sep 4, 2020
Original release date: September 4, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. In a DDoS attack, the incoming traffic originates from many different sources, making it impossible to stop the attack by blocking a single source. These attacks can cost an organization both time and money while their resources and services are inaccessible. If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance. Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service. Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack and you are an indirect victim. They may be able to advise you on an appropriate course of action. For more information, see CISA’s Tip on Understanding Denial-of-Service Attacks. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Final Binding Operational Directive on Developing a Vulnerability Disclosure Policy
Sep 3, 2020
Original release date: September 3, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal Government’s internet-accessible systems. CISA released a draft version of BOD 20-01 for public comment in December 2019 and incorporated many of the received suggestions in the final version. CISA encourages users to review BOD 20-01 and the CISA blog post, Improving Vulnerability Disclosure Together (Officially) for more information. This product is provided subject to this Notification and this Privacy & Use policy.
September is National Preparedness Month
Sep 3, 2020
Original release date: September 3, 2020September is National Preparedness Month, which promotes family and community disaster planning. This year’s theme is “Disasters Don’t Wait. Make Your Plan Today.” The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators use this month as an opportunity to asses cybersecurity preparedness for cyber-related events, such as identity theft, ransomware infection, or a data breach. Learn more about preparing for a natural disaster or general emergency at Ready.gov/September. See Ready.gov/Cybersecurity and the following CISA Tips for resources on preparing for, and responding to, unexpected cyber-related events: Protecting Against Ransomware Avoiding Social Engineering and Phishing Attacks Preventing and Responding to Identity Theft Protecting Against Malicious Code This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Sep 3, 2020
Original release date: September 3, 2020Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates: Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability cisco-sa-jabber-UyTKCPGg Enterprise NFV Infrastructure Software File Overwrite Vulnerability cisco-sa-nfvis-file-overwrite-UONzPMkr Jabber for Windows Protocol Handler Command Injection Vulnerability cisco-sa-jabber-vY8M4KGB IOS XR Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-cli-privescl-sDVEmhqv IOS XR Software Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-LJtNFjeN This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Joint Advisory on Approaches to Uncovering and Remediating Malicious Activity
Sep 1, 2020
Original release date: September 1, 2020The Cybersecurity and Infrastructure Security Agency (CISA)—in collaboration with the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom—has released a joint Cybersecurity Advisory that highlights technical approaches to uncovering malicious activity. This Advisory includes steps to enhance incident response among partners and network administrators. CISA encourages users and administrators to review AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity for more information. This product is provided subject to this Notification and this Privacy & Use policy.
