US CERT Current Activity

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Sep 18, 2024

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability CVE-2020-14644 Oracle WebLogic Server Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Sep 17, 2024

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability CVE-2014-0502 Adobe Flash Player Double Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Releases Three Industrial Control Systems Advisories

Sep 17, 2024

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices ICSA-24-261-02 Millbeck Communications Proroute H685t-w ICSA-24-261-03 Yokogawa Dual-redundant Platform for Computer (PC2CKM) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Continue Reading ›

CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

Sep 17, 2024

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products. CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their technical leaders/teams to review past instances of these defects and create a strategic plan to prevent them in the future. Visit our website to learn more about the principles of Secure by Design, take the Secure by Design Pledge, and stay informed on the latest Secure by Design Alerts.

Continue Reading ›

New CISA Plan Aligns Federal Agencies in Cyber Defense

Sep 16, 2024

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and system architectures—and they independently manage their cyber risk. CISA’s FOCAL plan aligns the federal enterprise, empowering agencies to better address the dynamic cyber threat environment collectively. The plan recommends actions that substantively advance operational cybersecurity improvements and alignment goals.  For additional guidance, visit CISA’s Securing Networks web page. 

Continue Reading ›

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Sep 16, 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43461 Microsoft Windows MSHTML Platform Spoofing Vulnerability CVE-2024-6670 Progress WhatsUp Gold SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

CISA Adds One Known Exploited Vulnerability to Catalog

Sep 13, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

Ivanti Releases Security Update for Cloud Services Appliance

Sep 13, 2024

Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system.   At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life).  CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates.  Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats. 

Continue Reading ›

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

Sep 13, 2024

CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK® framework. CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.

Continue Reading ›

Cisco Releases Security Updates for IOS XR Software

Sep 12, 2024

Cisco released security updates to address vulnerabilities in Cisco ISO XR software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication

Continue Reading ›

CISA Releases Twenty-Five Industrial Control Systems Advisories

Sep 12, 2024

CISA released twenty-five Industrial Control Systems (ICS) advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime ICSA-24-256-06 Siemens Automation License Manager ICSA-24-256-07 Siemens SIMATIC RFID Readers ICSA-24-256-08 Siemens Industrial Products ICSA-24-256-09 Siemens SIMATIC, SIPLUS, and TIM ICSA-24-256-10 Siemens SINEMA ICSA-24-256-11 Siemens Industrial Edge Management ICSA-24-256-12 Siemens Tecnomatix Plant Simulation ICSA-24-256-13 Siemens SCALANCE W700 ICSA-24-256-14 Siemens SIMATIC SCADA and PCS 7 Systems ICSA-24-256-15 Siemens Industrial Products ICSA-24-256-16 Siemens Third Party Component in SICAM and SITIPE Products ICSA-24-256-17 AutomationDirect DirectLogic H2-DM1E ICSA-24-256-18 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 ICSA-24-256-19 Rockwell Automation OptixPanel ICSA-24-256-20 Rockwell Automation AADvance Trusted SIS Workstation ICSA-24-256-21 Rockwell Automation 5015-U8IHFT ICSA-24-256-22 Rockwell Automation FactoryTalk Batch View ICSA-24-256-23 Rockwell Automation FactoryTalk View Site ICSA-24-256-24 Rockwell Automation Pavilion8 ICSA-24-256-25 Rockwell Automation ThinManager CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Continue Reading ›

Adobe Releases Security Updates for Multiple Products

Sep 12, 2024

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:   Security update available for Adobe Media Encoder | APSB24-53 Security update available for Adobe Audition | APSB24-54 Security update available for Adobe After Effects | APSB24-55 Security update available for Adobe Premiere Pro | APSB24-58 Security update available for Adobe Illustrator | APSB24-66 Security update available for Adobe Acrobat Reader | APSB24-70 Security update available for Adobe ColdFusion | APSB24-71 Security update available for Adobe Photoshop | APSB24-72

Continue Reading ›

Cisco Releases Security Updates for Cisco Smart Licensing Utility

Sep 10, 2024

Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisory and apply the necessary updates:  Cisco Smart Licensing Utility Vulnerabilities

Continue Reading ›

Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control

Sep 10, 2024

Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates:  Ivanti Endpoint Manager Ivanti Cloud Service Application 4.6 Ivanti Workspace Control

Continue Reading ›

CISA Releases Four Industrial Control Systems Advisories

Sep 10, 2024

CISA released four Industrial Control Systems (ICS) advisory on September 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-254-01 Viessmann Climate Solutions SE Vitogate 300 ICSA-24-254-02 iniNet Solutions SpiderControl SCADA Web Server ICSA-24-254-03 Rockwell Automation SequenceManager ICSMA-24-254-01 BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Continue Reading ›

Microsoft Releases September 2024 Security Updates

Sep 10, 2024

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for September

Continue Reading ›

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Sep 10, 2024

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 Microsoft Windows Installer Privilege Escalation Vulnerability CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

Citrix Releases Security Updates for Citrix Workspace App for Windows

Sep 10, 2024

Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following and apply necessary updates:  Citrix Workspace app for Windows Security Bulletin for CVE-2024-7889 and CVE-2024-7890

Continue Reading ›

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Sep 9, 2024

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Continue Reading ›

FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure

Sep 5, 2024

Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their deployment of the WhisperGate malware against Ukraine. These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. The authoring agencies encourage organizations to review this advisory for recommended mitigations against such malicious activity. For additional information on Russian state-sponsored malicious cyber activity and related indictments, see the recent U.S. Department of Justice (DOJ) press release for June 26, 2024, and Sept. 5, 2024, FBI’s Cyber Crime webpage, and CISA’s Russia Cyber Threat Overview and Advisories webpage.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips