US CERT Current Activity

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Dec 21, 2023

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2023-49897 FXC AE1021, AE1021PE OS Command Injection Vulnerability
CVE-2023-47565 QNAP VioStor NVR OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool

Dec 21, 2023

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines. Today’s release incorporates stakeholder input from last year’s public comment period and pilot effort with federal agencies. Changes to the draft Microsoft 365 Secure Configuration Baselines were integrated with the SCuBAGear tool, which is also now more automated to reduce organization effort. CISA thanks all whose input took this guidance from a series of best practices to actionable policies and made the SCuBAGear tool easier to use. Organizations are urged to review these baselines and utilize the SCuBAGear tool. For more information, read CISA’s blog and contact CISA’s Cybersecurity Shared Services Office for additional support.

CISA Releases Two Industrial Control Systems Advisories

Dec 21, 2023

CISA released two Industrial Control Systems (ICS) advisories on December 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-23-355-01 FXC AE1021/AE1021PE
ICSA-23-355-02 QNAP VioStor NVR

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Apple Releases Security Updates for Multiple Products

Dec 20, 2023

Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review Apple security releases and apply necessary updates.

Mozilla Releases Security Updates for Firefox and Thunderbird

Dec 20, 2023

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates:

Firefox 121
Thunderbird 115.6
Firefox ESR 115.6

CISA Releases Seven Industrial Control Systems Advisories

Dec 19, 2023

CISA released seven Industrial Control Systems (ICS) advisories on December 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-23-353-01 Subnet Solutions Inc. PowerSYSTEM Center
ICSA-23-353-02 EFACEC BCU 500
ICSA-23-353-03 EFACEC UC 500E
ICSA-23-353-04 Open Design Alliance Drawing SDK
ICSA-23-353-05 EuroTel ETL3100 Radio Transmitter
ICSA-23-341-03 Johnson Controls Metasys and Facility Explorer (Update A)
ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update D)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA and FBI Release Advisory on ALPHV Blackcat Affiliates

Dec 19, 2023

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as Dec. 6, 2023. The advisory also provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022. ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations. FBI investigations, as of September 2023, place the number of compromised entities at over 1000—over half of which are in the United States and approximately 250 outside the United States. CISA and FBI encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.

FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

Dec 18, 2023

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate the Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023. Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data, and have impacted a wide range of businesses and critical infrastructure organizations in North America, South America, Europe, and Australia. FBI, CISA, and the ASD’s ACSC encourage organizations to review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.

CISA Releases Advisory on Cyber Resilience for the HPH Sector

Dec 15, 2023

Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and Public Health (HPH) Sector organization. CISA encourages all critical infrastructure organizations as well as software manufacturers to review the advisory and apply recommendations. The recommendations detail how organizations can harden networks to improve cyber resilience and reduce the likelihood of domain compromise. CISA encourages HPH Sector organizations to visit our Healthcare and Public Health Cybersecurity page for the new HPH Cybersecurity Toolkit.

CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords

Dec 15, 2023

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of the joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software:

Take ownership of customer security outcomes.
Build organizational structure and leadership to achieve these goals.

By implementing these two principles in their design, development, and delivery processes, software manufacturers will prevent exploitation of static default passwords in their customers’ systems. CISA urges technology manufacturers to read and implement the guidance in this second SbD Alert in our new series, which focuses on how vendor decisions can reduce harm at a global scale.

FortiGuard Releases Security Updates for Multiple Products

Dec 14, 2023

FortiGuard has released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates:

FG-IR-23-196: Double free in cache management
FG-IR-22-038: FortiMail, FortiNDR, FortiRecorder, FortiSwitch, FortiVoice – Cross-site request forgery (CSRF) in HTTPd CLI console
FG-IR-23-138: FortiOS, FortiProxy – Format String Bug in HTTPSd

CISA Releases Seventeen Industrial Control Systems Advisories

Dec 14, 2023

CISA released seventeen Industrial Control Systems (ICS) advisories on December 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-23-348-01 Cambium ePMP 5GHz Force 300-25 Radio
ICSA-23-348-02 Johnson Controls Kantech Gen1 ioSmart
ICSA-23-348-03 Siemens User Management Component (UMC)
ICSA-23-348-04 Siemens LOGO! and SIPLUS LOGO!
ICSA-23-348-05 Siemens SIMATIC and SIPLUS Products
ICSA-23-348-06 Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC
ICSA-23-348-07 Siemens SIMATIC STEP 7 (TIA Portal)
ICSA-23-348-08 Siemens Web Server of Industrial Products
ICSA-23-348-09 Siemens SIMATIC S7-1500 CPU family
ICSA-23-348-10 Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICSA-23-348-11 Siemens SINUMERIK
ICSA-23-348-12 Siemens SICAM Q100 Devices
ICSA-23-348-13 Siemens SCALANCE and RUGGEDCOM M-800/S615 Family
ICSA-23-348-14 Siemens RUGGEDCOM and SCALANCE M-800/S615 Family
ICSA-23-348-15 Unitronics VisiLogic
ICSA-23-348-16 Siemens SINEC INS
ICSMA-20-254-01 Philips Patient Monitoring Devices (Update C)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

Dec 13, 2023

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains TeamCity software, which ultimately enabled them to bypass authorization and conduct arbitrary code execution on the compromised server. The joint CSA provides information on the SVR’s most recent compromise, actionable indicators of compromise (IOCs), and SIGMA and YARA rules. The authoring agencies encourage network defenders and organizations to review the joint CSA for recommended mitigations and rules. For more information on affiliated advanced persistent threats, see CISA’s Advanced Persistent Threats and Nation-State Actors and Russia Cyber Threat Overview and Advisories webpages. For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

The Apache Software Foundation Updates Struts 2

Dec 12, 2023

The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater.
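The bulletin names two fixed releases on two maintenance lines, and a naive string comparison gets such checks wrong ("2.5.4" sorts after "2.5.33"). The following Python is an added example, not Apache's or CISA's code: it decides whether a deployed Struts 2 version string still needs the CVE-2023-50164 upgrade using only the fixed versions quoted above (2.5.33 and 6.3.0.2). It assumes that every earlier release on the 2.5 and 6.x lines, and every other Struts 2 line (such as 2.3.x) for which the bulletin lists no fix, should be treated as affected; the version strings fed to it are constructed.

```python
"""Gate deployed Apache Struts 2 versions against the CVE-2023-50164 fixes.

Added example, not Apache's own code. Fixed versions come from the
bulletin quoted above; the "everything older on those lines, and every
other line, is affected" rule is this example's assumption.
"""
from typing import Dict, List, Tuple

# Fixed releases named in the Apache bulletin for CVE-2023-50164.
FIXED_2_5 = (2, 5, 33)
FIXED_6 = (6, 3, 0, 2)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.3.0.1' into (6, 3, 0, 1) so components compare numerically.

    A trailing qualifier inside a component ('33-SNAPSHOT', '1RC2') is cut
    off at the first non-digit; a component with no digits is rejected.
    """
    parts: List[int] = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    return tuple(parts)


def _at_least(have: Tuple[int, ...], want: Tuple[int, ...]) -> bool:
    """Compare after zero-padding, so 6.3.0 is read as 6.3.0.0 (< 6.3.0.2)."""
    width = max(len(have), len(want))
    return have + (0,) * (width - len(have)) >= want + (0,) * (width - len(want))


def struts_is_fixed(version: str) -> bool:
    """True when the version is at or past the bulletin's fix on its line."""
    v = parse_version(version)
    if v[:2] == (2, 5):
        return _at_least(v, FIXED_2_5)
    if v[0] >= 6:
        # 6.3.0.2 "or greater" also covers any later major line.
        return _at_least(v, FIXED_6)
    # 2.3.x, 2.0.x and friends: the bulletin lists no fix for them, so this
    # example treats them as affected (assumption, see module docstring).
    return False


def triage(versions: List[str]) -> Dict[str, str]:
    """Map each deployed version string to 'ok' or 'upgrade'."""
    return {v: ("ok" if struts_is_fixed(v) else "upgrade") for v in versions}


if __name__ == "__main__":
    # Constructed sample of version strings pulled from, e.g., a dependency
    # inventory; the two '6.3.0*' entries show why the fourth component matters.
    for version, verdict in triage(["2.5.33", "2.5.4", "6.3.0", "6.3.0.2", "2.3.37"]).items():
        print(f"{version:10} {verdict}")
```

Feed it the `struts2-core` versions from your build files or SBOMs; anything reported as `upgrade` is covered by the bulletin's advice to move to 2.5.33 or 6.3.0.2 or greater.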

Apple Releases Security Updates for Multiple Products

Dec 12, 2023

Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates:

Safari 17.2
iOS 17.2 and iPadOS 17.2
iOS 16.7.3 and iPadOS 16.7.3
macOS Sonoma 14.2
macOS Ventura 13.6.3
macOS Monterey 12.7.2

Adobe Releases Security Updates for Multiple Products

Dec 12, 2023

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Adobe Prelude
Adobe Illustrator
Adobe InDesign
Adobe Dimension
Adobe Experience Manager
Adobe Substance3D Stager
Adobe Substance3D Sampler
Adobe After Effects
Adobe Substance3D Designer

Microsoft Releases Security Updates for Multiple Products

Dec 12, 2023

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December Security Update Guide and apply the necessary updates.

CISA Releases Two Industrial Control Systems Advisories

Dec 12, 2023

CISA released two Industrial Control Systems (ICS) advisories on December 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

ICSA-23-346-01 Schneider Electric Easy UPS Online Monitoring Software
ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update B)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

Dec 12, 2023

Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. The ScubaGoggles tool assesses GWS tenants' compliance against the baselines.

Federal agencies and other organizations are invited to adopt the draft baselines in their GWS environments, tailor them to reflect their own unique needs and risk tolerances, and then share their experiences with CISA during the public comment period, which closes Jan. 12, 2024. Comments will ensure that the final published baselines are clear, feasible, and effective.

The draft SCuBA GWS Secure Configuration Baselines are the latest offering from CISA’s SCuBA project, dedicated to securing data stored in the cloud through additional configurations, settings, and security products. These baselines are created in accordance with Executive Order 14028 to provide enhanced visibility into cloud security.

Comment on the SCuBA GWS Secure Configuration Baselines by Jan. 12, 2024. For more information, read CISA Seeks Public Comment on Newly Developed Secure Configuration Baselines for Google Workspace and visit CISA’s SCuBA project page.

CISA Adds One Known Exploited Vulnerability to Catalog

Dec 11, 2023

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
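Both KEV entries on this page (the Dec 21 additions for FXC and QNAP, and this Dec 11 Unitronics addition) end with the same advice: fold the Catalog's due dates into your own vulnerability management. The Python below is an added example of that triage step, not CISA's code. It joins a constructed asset inventory against a constructed snapshot of the KEV feed and buckets each match as overdue, due soon, or scheduled. The snapshot's field names follow the layout of CISA's public JSON feed as I understand it (`cveID`, `vendorProject`, `product`, `vulnerabilityName`, `dateAdded`, `dueDate`, `requiredAction`, `knownRansomwareCampaignUse`); its due dates, descriptions and required actions are illustrative, not copied from the Catalog, and the `as_of` date is passed in so the result is reproducible.

```python
"""Triage an asset inventory against a snapshot of CISA's KEV feed.

Added example, not CISA's code. KEV_SNAPSHOT is constructed: the keys
mirror the public feed's layout, but the values (dueDate in particular)
are illustrative. INVENTORY is constructed as well.
"""
import json
from datetime import date
from typing import Dict, List

KEV_SNAPSHOT = json.loads(r"""
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "example-snapshot",
  "dateReleased": "2023-12-21T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-2023-49897", "vendorProject": "FXC", "product": "AE1021, AE1021PE",
     "vulnerabilityName": "FXC AE1021, AE1021PE OS Command Injection Vulnerability",
     "dateAdded": "2023-12-21", "shortDescription": "constructed",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
     "dueDate": "2024-01-11", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2023-47565", "vendorProject": "QNAP", "product": "VioStor NVR",
     "vulnerabilityName": "QNAP VioStor NVR OS Command Injection Vulnerability",
     "dateAdded": "2023-12-21", "shortDescription": "constructed",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use.",
     "dueDate": "2024-01-11", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2023-6448", "vendorProject": "Unitronics", "product": "Vision PLC and HMI",
     "vulnerabilityName": "Unitronics Vision PLC and HMI Insecure Default Password",
     "dateAdded": "2023-12-11", "shortDescription": "constructed",
     "requiredAction": "Change the default password and restrict exposure.",
     "dueDate": "2023-12-18", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}
""")

# Constructed inventory: host, what it runs, and the CVEs a scanner tied to it.
INVENTORY = [
    {"host": "nvr-01", "vendor": "QNAP", "product": "VioStor NVR", "cves": ["CVE-2023-47565"]},
    {"host": "plc-07", "vendor": "Unitronics", "product": "Vision PLC", "cves": ["CVE-2023-6448"]},
    {"host": "web-03", "vendor": "Example", "product": "App", "cves": ["CVE-2023-0000"]},
]


def index_kev(feed: dict) -> Dict[str, dict]:
    """CVE ID -> catalog entry, for O(1) lookups from the inventory."""
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(inventory: List[dict], feed: dict, as_of: date, soon_days: int = 7) -> List[dict]:
    """Return one finding per (host, KEV CVE), most urgent first.

    status is 'overdue' when the Catalog due date has passed, 'due_soon'
    within soon_days of it, otherwise 'scheduled'. CVEs absent from the
    Catalog are dropped here; they belong to the normal patch cycle.
    """
    kev = index_kev(feed)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - as_of).days
            if days_left < 0:
                status = "overdue"
            elif days_left <= soon_days:
                status = "due_soon"
            else:
                status = "scheduled"
            findings.append({
                "host": asset["host"], "cve": cve, "name": entry["vulnerabilityName"],
                "due": entry["dueDate"], "days_left": days_left, "status": status,
                "ransomware": entry["knownRansomwareCampaignUse"],
                "action": entry["requiredAction"],
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY, KEV_SNAPSHOT, as_of=date(2023, 12, 22)):
        print(f"{f['status']:9} {f['days_left']:>4}d {f['host']:8} {f['cve']:16} {f['action']}")
```

In a real run, download the current feed from the KEV page, load it with `json.load`, and pass `date.today()` as `as_of`; the `overdue` and `due_soon` buckets are exactly the items BOD 22-01's remediate-by-due-date rule is about, and `ransomware` is worth surfacing in the report because a `Known` value changes the urgency conversation.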
