US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies

Oct 28, 2022

Original release date: October 28, 2022CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage. Concurrently, CISA has released Capacity Enhancement Guide (CEG): Additional DDoS Guidance for Federal Agencies, which provides federal civilian executive branch (FCEB) agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations.  CISA encourages all network defenders and leaders to review: Joint guide: Understanding and Responding to Distributed Denial-of-Service Attacks https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf CEG: Additional DDoS Guidance for Federal Agencies https://www.cisa.gov/sites/default/files/publications/ceg-additional-ddos-guidance-for-federal-agencies_508c.pdf Tip: Understanding Denial-of-Service Attacks https://www.cisa.gov/uscert/ncas/tips/ST04-015 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Oct 28, 2022

Original release date: October 28, 2022VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases Four Industrial Control Systems Advisories

Oct 27, 2022

Original release date: October 27, 2022CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: •    ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server •    ICSA-22-300-02 SAUTER Controls moduWeb •    ICSA-22-300-03 Rockwell Automation Stratix Devices Containing Cisco IOS •    ICSA-22-300-04 Trihedral VTScada This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates for Multiple Products 

Oct 26, 2022

Original release date: October 26, 2022Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.    CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:  •    Safari 16.1  •    iOS 16.1 and iPadOS 16  •    macOS Big Sur 11.7.1  •    macOS Monterey 12.6.1 •    macOS Ventura 13  •    tvOS 16.1  •    watchOS 9.1  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Samba Releases Security Updates 

Oct 26, 2022

Original release date: October 26, 2022The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Samba Security Announcements and apply the necessary updates and workarounds.  •    CVE-2022-3437   •    CVE-2022-3592 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Has Added One Known Exploited Vulnerability to Catalog    

Oct 25, 2022

Original release date: October 25, 2022CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.       Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.    Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases Eight Industrial Control Systems Advisories

Oct 25, 2022

Original release date: October 25, 2022CISA has released eight (8) Industrial Control Systems (ICS) advisories on October 25, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: •    ICSMA-22-298-01 AliveCor KardiaMobile •    ICSA-22-298-01 Haas Controller •    ICSA-22-298-02 HEIDENHAIN Controller TNC •    ICSA-22-298-03 Siemens Siveillance Video Mobile Server •    ICSA-22-298-04 Hitachi Energy MicroSCADA X DMS600 •    ICSA-22-298-05 Johnson Controls CKS CEVAS •    ICSA-22-298-06 Delta Electronics DIAEnergie •    ICSA-22-298-07 Delta Electronics InfraSuite Device Master This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!

Oct 25, 2022

Original release date: October 25, 2022On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR replaces TLP:WHITE for publicly releasable information. TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information  may be shared with the recipient’s organization only. CISA encourages all network defenders and partners to upgrade to TLP Version 2.0 to facilitate greater information sharing and collaboration. For more information see: On Nov. 1, CISA Upgrades to Traffic Light Protocol 2.0 — Join Us! by Tom Millar, Cybersecurity Senior Advisor, CISA, and Co-chair of the FIRST TLP Special Interest Group (SIG) CISA.gov/TLP, which contains links to CISA’s TLP 2.0 User Guide and Fact Sheet FIRST.org/TLP This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Adds Six Known Exploited Vulnerabilities to Catalog

Oct 24, 2022

Original release date: October 24, 2022CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.       Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.    Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.      This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

#StopRansomware: Daixin Team

Oct 21, 2022

Original release date: October 21, 2022CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. This joint CSA provides Daixin actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from FBI threat response activities and third-party reporting. CISA encourages HPH Sector organizations to review #StopRansomware: Daixin Team and to apply the recommended Mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update for Cisco Identity Services Engine 

Oct 21, 2022

Original release date: October 21, 2022Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Adds Two Known Exploited Vulnerabilities to Catalog   

Oct 20, 2022

Original release date: October 20, 2022CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.       Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.    Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases Three Industrial Control Systems Advisories

Oct 20, 2022

Original release date: October 20, 2022CISA has released three (3) Industrial Control Systems (ICS) advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-293-01 Bentley Systems MicroStation Connect •    ICSMA-21-294-01 B Braun Infusomat Space Large Volume Pump (Update A) •    ICSMA-20-296-02 B. Braun SpaceCom Battery Pack SP with Wi-Fi and Data module compactplus (Update A) This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates for Firefox

Oct 20, 2022

Original release date: October 20, 2022Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 106 for mitigations and updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Requests for Comment on Microsoft 365 Security Configuration Baselines

Oct 20, 2022

Original release date: October 20, 2022CISA has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments. The baselines: •    Build on and integrate previous security configuration baselines developed by the Federal Chief Information Officers Council’s Cyber Innovation Tiger Team (CITT). •    Initiate a series of pilot efforts to advance cloud security practices across the FCEB.  •    Aim to enhance the security of FCEB cloud business application environments through additional configurations, settings, and security products.  Visit CISA.gov/SCuBA and CISA's SCuBA GitHub page for more information and to review the baselines. The RFC period is open until Nov. 24, 2022. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the baselines. Comments should be submitted to: QSMO@CISA.dhs.gov. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

Oct 19, 2022

Original release date: October 19, 2022CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a new Malware Analysis Report, MAR-10398871.r1.v2. CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Oracle Releases October 2022 Critical Patch Update

Oct 19, 2022

Original release date: October 19, 2022Oracle has released its Critical Patch Update for October 2022. This update addresses 366 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s October 2022 Critical Patch Update and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases Two Industrial Control Systems Advisories

Oct 18, 2022

Original release date: October 18, 2022CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-291-01 Advantech R-SeeNet ICSA-21-336-06 Hitachi Energy APM Edge (Update A) This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Oct 14, 2022

Original release date: October 14, 2022CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Releases Twenty-Five Industrial Control Systems Advisories

Oct 13, 2022

Original release date: October 13, 2022CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-286-01 Siemens LOGO! •    ICSA-22-286-02 Siemens Industrial Edge Management •    ICSA-22-286-03 Siemens Solid Edge •    ICSA-22-286-04 Siemens SIMATIC S7-1200 and S7-1500 CPU Families •    ICSA-22-286-05 Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service •    ICSA-22-286-06 Siemens Desigo PXM Devices Webserver •    ICSA-22-286-07 Siemens Nucleus RTOS FTP Server •    ICSA-22-286-08 Siemens TCP Event Service of SCALANCE and RUGGEDCOM Devices •    ICSA-22-286-09 Siemens SICAM P850 and P855 Devices •    ICSA-22-286-10 Siemens JT Open Toolkit and Simcenter Femap •    ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products •    ICSA-22-286-12 Siemens APOGEE, TALON and Desigo PXC/PXM Products •    ICSA-22-286-13 Siemens LOGO! 8 BM Devices •    ICSA-22-286-14 Siemens SIMATIC HMI Panels •    ICSA-22-286-15 Siemens SCALANCE X-200 and X-200IRT Families •    ICSA-22-286-16 Siemens Desigo CC and Cerberus DMS •    ICSA-21-250-01 Mitsubishi Electric MELSEC iQ-R Series (UpdateA) •    ICSA-21-287-03 Mitsubishi Electric MELSEC iQ-R Series (UpdateA) •    ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update D) •    ICSA-22-069-03 Siemens SINEC NMS (Update A) •    ICSA-21-287-07 Siemens SCALANCE (Update A) •    ICSA-21-315-06 Siemens SCALANCE W1750D (Update A) •    ICSA-22-167-06 Siemens Apache HTTP Server (Update A) •    ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update D) •    ICSA-22-132-08 Siemens Industrial Products with OPC UA (Update C)   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips