US CERT Current Activity
Mozilla Releases Security Updates for Multiple Products
Nov 16, 2022
Original release date: November 16, 2022Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
Nov 16, 2022
Original release date: November 16, 2022Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in unpatched VMware Horizon server. The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations. CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include: Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version. Minimizing your organization’s internet-facing attack surface. Exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA. Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA. For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases One Industrial Control Systems Advisory
Nov 15, 2022
Original release date: November 15, 2022CISA released one Industrial Control Systems (ICS) advisory on November 15, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-319-01 Mitsubishi Electric GT SoftGOT2000 This product is provided subject to this Notification and this Privacy & Use policy.
CISA Has Added One Known Exploited Vulnerability to Catalog
Nov 14, 2022
Original release date: November 14, 2022CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases SSVC Methodology to Prioritize Vulnerabilities
Nov 10, 2022
Original release date: November 10, 2022Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular system. As stated in Executive Assistant Director (EAD) Eric Goldstein's blog post Transforming the Vulnerability Management Landscape, implementing a methodology, such as SSVC, is a critical step to advancing the vulnerability management ecosystem. Additionally, the blog details advances—including CISA's Known Exploited Vulnerabilities (KEV) catalog, Common Security Advisory Framework (CSAF) machine-readable security advisories, and the Vulnerability Exploitability eXchange (VEX)—that, used in conjunction with SSVC, will reduce the window cyber threat actors have to exploit networks. CISA encourages organizations to read EAD Goldstein's blog post and to use the following resources on the SSVC webpage to strengthen their vulnerability management processes: CISA's SSVC decision tree SSVC Guide on using SSVC and the SSVC decision tree SSVC Calculator for prioritizing vulnerability responses in an organization’s respective environment This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Nov 10, 2022
Original release date: November 10, 2022Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following advisories and apply the necessary updates: • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability cisco-sa-ssl-client-dos-cCrQPkA • Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability cisco-sa-fw3100-secure-boot-5M8mUh26 • Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability cisco-sa-ftd-gre-dos-hmedHQPM • Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability cisco-sa-fmcsfr-snmp-access-6gqgtJ4S • Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability cisco-sa-fmc-dos-OwEunWJN • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability cisco-sa-asaftd-snmp-dos-qsqBNM6x • Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability cisco-sa-asa-ftd-dap-dos-GhYZBxDU This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Twenty Industrial Control Systems Advisories
Nov 10, 2022
Original release date: November 10, 2022CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-314-01 Siemens Parasolid ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers ICSA-22-314-03 Siemens SINEC Network Management System Logback Component ICSA-22-314-04 Siemens SINUMERIK ONE and SINUMERIK MC ICSA-22-314-05 Siemens RUGGEDCOM ROS ICSA-22-314-06 Siemens QMS Automotive ICSA-22-314-07 Omron NJNX-series Machine Automation Controllers ICSA-22-314-08 Omron NJNX-series ICSA-22-314-09 Siemens Teamcenter Visualization and JT2Go ICSA-22-314-10 Siemens SCALANCE W1750D ICSA-22-314-11 Siemens SICAM Q100 ICSA-21-350-06 Siemens CAPITAL VSTAR (Update A) ICSA-22-286-15 Siemens SCALANCE X-200 and X-200IRT Families (Update A) ICSA-22-258-03 Siemens RUGGEDCOM ROS (Update A) ICSA-22-228-02 LS ELEC PLC and XG5000 (Update A) ICSA-22-298-06 Delta Electronic DIAEnergie (Update A) ICSA-22-258-04 Siemens Mendix SAML Module (Update A) ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products (Update A) ICSA-21-350-13 Siemens Questa and ModelSim (Update A) ICSA-22-069-01 Siemens RUGGEDCOM Devices (Update C) This product is provided subject to this Notification and this Privacy & Use policy.
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
Nov 10, 2022
Original release date: November 10, 2022CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malware Analysis Report containing new indicators of compromise. CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases November 2022 Security Updates
Nov 9, 2022
Original release date: November 9, 2022Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Nov 9, 2022
Original release date: November 9, 2022VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
Citrix Releases Security Updates for ADC and Gateway
Nov 9, 2022
Original release date: November 9, 2022Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Nov 8, 2022
Original release date: November 8, 2022CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Nov 3, 2022
Original release date: November 3, 2022Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Update for Xcode
Nov 3, 2022
Original release date: November 3, 2022Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Three Industrial Control Systems Advisories
Nov 3, 2022
Original release date: November 3, 2022CISA has released three (3) Industrial Control Systems (ICS) advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: • ICSA-22-307-01 ETIC RAS • ICSA-22-307-02 Nokia ASIK 5G AirScale System Module • ICSA-22-307-03 Delta Industrial Automation DIALink This product is provided subject to this Notification and this Privacy & Use policy.
OpenSSL Releases Security Update
Nov 1, 2022
Original release date: November 1, 2022OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution," allowing them to take control of an affected system. CISA encourages users and administrators to review the OpenSSL advisory, blog, OpenSSL 3.0.7 announcement, and upgrade to OpenSSL 3.0.7. For additional information on affected products, see the 2022 OpenSSL vulnerability - CVE-2022-3602 GitHub repository, jointly maintained by the Netherland's National Cyber Security Centrum (NCSC-NL) and CISA. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Upgrades to TLP 2.0
Nov 1, 2022
Original release date: November 1, 2022Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0 changes TLP:WHITE to TLP:CLEAR. TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within their organization only. Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications. CISA encourage all individuals and organizations in the cybersecurity community to adopt TLP 2.0. For more information, see CISA’s TLP webpage, www.cisa.gov/tlp and FIRST's TLP webpage, https://www.first.org/tlp/. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases One Industrial Control Systems Advisory
Nov 1, 2022
Original release date: November 1, 2022CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation Products (Update C) This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
Oct 31, 2022
Original release date: October 31, 2022CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue. Although number matching is not as strong as phishing-resistant MFA, it is one of best interim mitigation for organizations who may not immediately be able to implement phishing-resistant MFA. CISA recommends users and organizations see CISA fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications. Visit CISA.gov/MFA for more information on MFA, including an infographic of the hierarchy of MFA options. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Has Added One Known Exploited Vulnerability to Catalog
Oct 28, 2022
Original release date: October 28, 2022CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
