US CERT Current Activity

CISA Adds One Known Exploited Vulnerability to Catalog

Apr 23, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Releases Two Industrial Control Systems Advisories

Apr 23, 2024

CISA released two Industrial Control Systems (ICS) advisories on April 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines (Update A) ICSA-24-067-01 Chirp Systems Chirp Access (Update A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Continue Reading ›

Cisco Releases Security Advisories for Cisco Integrated Management Controller

Apr 19, 2024

Cisco has released security advisories for vulnerabilities in the Cisco integrated management controller. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following advisories and apply the necessary updates:  Cisco Integrated Management Controller CLI Command Injection Vulnerability Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability

Continue Reading ›

CISA and Partners Release Advisory on Akira Ransomware

Apr 18, 2024

Today, CISA, the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Akira Ransomware, to disseminate known Akira ransomware tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as February 2024. Evolving from an initial focus on Windows systems to a Linux variant targeting VMware ESXi virtual machines, Akira threat actors began deploying Megazord (a Rust-based code) and Akira (written in C++), including Akira_v2 (also Rust-based) in August 2023. Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia and claimed approximately $42 million (USD) in ransomware proceeds. CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Akira and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.

Continue Reading ›

Oracle Releases Critical Patch Update Advisory for April 2024

Apr 18, 2024

Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following Critical Patch Update Advisory and apply the necessary updates:   April 2024 Critical Patch Update Advisory

Continue Reading ›

CISA Releases Three Industrial Control Systems Advisories

Apr 18, 2024

CISA released three Industrial Control Systems (ICS) advisories on April 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-109-01 Unitronics Vision Series PLCs ICSA-21-287-03 Mitsubishi Electric MELSEC iQ-R Series (Update B) ICSA-21-250-01 Mitsubishi Electric MELSEC iQ-R Series (Update B) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Continue Reading ›

CISA Releases Four Industrial Control Systems Advisories

Apr 16, 2024

CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24-107-02 Electrolink FM/DAB/TV Transmitter ICSA-24-107-03 Rockwell Automation ControlLogix and GuardLogix ICSA-24-107-04 RoboDK RoboDK CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Continue Reading ›

Joint Guidance on Deploying AI Systems Securely

Apr 15, 2024

Today, the National Security Agency’s Artificial Intelligence Security Center (NSA AISC) published the joint Cybersecurity Information Sheet Deploying AI Systems Securely in collaboration with CISA, the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK). The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to: Improve the confidentiality, integrity, and availability of AI systems.  Ensure there are appropriate mitigations for known vulnerabilities in AI systems. Provide methodologies and controls to protect, detect, and respond to malicious activity against AI systems and related data and services. CISA encourages organizations deploying and operating externally developed AI systems to review and apply this guidance as applicable. CISA also encourages organizations to review previously published joint guidance on securing AI systems: Guidelines for secure AI system development and Engaging with Artificial Intelligence. For more CISA information and guidance on securing AI systems, see cisa.gov/ai.  

Continue Reading ›

Juniper Releases Security Bulletin for Multiple Juniper Products

Apr 12, 2024

Juniper has released security updates to address multiple vulnerabilities in Junos OS, Junos OS Evolved, Paragon Active Assurance and Junos OS: EX4300 Series. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service condition. Users and administrators are encouraged to review Juniper’s Support Portal and apply the necessary updates.

Continue Reading ›

Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

Apr 12, 2024

Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability in the wild.  CISA encourages users and administrators to review the Palo Alto Networks Security Advisory, apply the current mitigations, and update the affected software when Palo Alto Networks makes the fixes available.  CISA has also added this vulnerability to its Known Exploited Vulnerabilities Catalog. Additional resources: Palo Alto Networks: Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400 Volexity: Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) 

Continue Reading ›

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

Apr 12, 2024

Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review and apply the necessary updates:  XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142

Continue Reading ›

CISA Adds One Known Exploited Vulnerability to Catalog

Apr 12, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Apr 11, 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System

Apr 11, 2024

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive rhttps://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-systemequires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts. While ED 24-02 requirements only apply to FCEB agencies, other organizations may also have been impacted by the exfiltration of Microsoft corporate email and are encouraged to contact their respective Microsoft account team for any additional questions or follow up. FCEB agencies and state and local government should utilize the distro MBFedResponse@Microsoft.com for any escalations and assistance with Microsoft. Regardless of direct impact, all organizations are strongly encouraged to apply stringent security measures, including strong passwords, multifactor authentication (MFA) and prohibited sharing of unprotected sensitive information via unsecure channels.

Continue Reading ›

CISA Releases Nine Industrial Control Systems Advisories

Apr 11, 2024

CISA released nine Industrial Control Systems (ICS) advisories on April 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC ICSA-24-102-03 Siemens RUGGEDCOM APE1808 before V11.0.1 ICSA-24-102-04 Siemens RUGGEDCOM APE1808 ICSA-24-102-05 Siemens Scalance W1750D ICSA-24-102-06 Siemens Parasolid ICSA-24-102-07 Siemens SINEC NMS ICSA-24-102-08 Siemens Telecontrol Server Basic  ICSA-24-102-09 Rockwell Automation 5015-AENFTXT CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Continue Reading ›

Compromise of Sisense Customer Data

Apr 11, 2024

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.  Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed to, or used to access, Sisense services. CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available. 

Continue Reading ›

Microsoft Releases April 2024 Security Updates 

Apr 9, 2024

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following and apply the necessary updates:   Microsoft Security Update Guide for April

Continue Reading ›

Adobe Releases Security Updates for Multiple Products 

Apr 9, 2024

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins and apply the necessary updates:   Adobe After Effects Adobe Photoshop Adobe Commerce and Magento Adobe InDesign Adobe Experience Manager Adobe Media Encoder Adobe Bridge Adobe Illustrator Adobe Animate

Continue Reading ›

CISA Releases One Industrial Control Systems Advisory

Apr 9, 2024

CISA released one Industrial Control Systems (ICS) advisory on April 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-100-01 SUBNET PowerSYSTEM Server and Substation Server CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

Continue Reading ›

Fortinet Releases Security Updates for Multiple Products

Apr 9, 2024

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates:  FR-IR-23-345 FortiClientMac - Lack of configuration file validation FG-IR-23-493 FortiOS & FortiProxy - Administrator cookie leakage FG-IR-23-087 FortiClient Linux - Remote Code Execution due to dangerous   nodejs configuration

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips