US CERT Current Activity
CISA and FBI Release Updated Guidance on Product Security Bad Practices
Jan 17, 2025
In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information, adding additional bad practices, context regarding memory-safe languages, clarifying timelines for patching Known Exploited Vulnerabilities (KEVs), and other recommendations. While this voluntary guidance is intended for software manufacturers who develop software products and services in support of critical infrastructure, all software manufacturers are strongly encouraged to avoid these product security bad practices. CISA and FBI urge software manufacturers to reduce customer risk by prioritizing security throughout the product development process. For more information and resources, visit CISA’s Secure by Design webpage or learn how to take CISA’s Secure by Design Pledge.
CISA Adds One Known Exploited Vulnerability to Catalog
Jan 16, 2025
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603 Aviatrix Controllers OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and Partners Release Call to Action to Close the National Software Understanding Gap
Jan 16, 2025
Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action. Software understanding refers to assessing software-controlled systems across all conditions. Mission owners and operators often lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. This gap, along with the lack of secure by design software being created by technology manufacturers, can lead to the exploitation of software vulnerabilities. The U.S. government has engaged in activities that have paved the way toward improving software understanding, including research investments, mission agency initiatives, and policy actions. This report further explores the opportunity for enhanced coordination to strengthen technical foundations and progress towards a more vigorous understanding of software on a national scale. To learn more about development practices and principles that build cybersecurity into the design and manufacture of technology products, visit CISA’s Secure by Design webpage.
CISA Releases Twelve Industrial Control Systems Advisories
Jan 16, 2025
CISA released twelve Industrial Control Systems (ICS) advisories on January 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-016-01 Siemens Mendix LDAP ICSA-25-016-02 Siemens Industrial Edge Management ICSA-25-016-03 Siemens Siveillance Video Camera ICSA-25-016-04 Siemens SIPROTEC 5 Products ICSA-25-016-05 Fuji Electric Alpha5 SMART ICSA-25-016-06 Hitachi Energy FOX61x, FOXCST, and FOXMAN-UN Products ICSA-25-016-07 Hitachi Energy FOX61x Products ICSA-25-016-08 Schneider Electric Data Center Expert ICSA-24-058-01 Mitsubishi Electric Multiple Factory Automation Products (Update A) ICSA-25-010-03 Delta Electronics DRASimuCAD (Update A) ICSA-24-191-05 Johnson Controls Inc. Software House C●CURE 9000 (Update A) ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products (Update B) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook
Jan 15, 2025
Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the most out of Microsoft’s newly introduced logs in Microsoft Purview Audit (Standard). This step-by-step guide enables technical personnel to better detect and defend against advanced intrusion techniques by operationalizing expanded cloud logs. The playbook details analytical methodologies tied to using these logs. Specifically, the playbook offers: An overview of the newly introduced logs in Microsoft Purview Audit (Standard) that enable organizations to conduct forensic and compliance investigations by accessing critical events (e.g., mail items accessed, mail items sent, and user searches in SharePoint Online and Exchange Online). A description of administration/enabling actions and ingestion of these logs to Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems. A discussion of significant events in other M365 services, such as Teams. CISA encourages organizations to use the playbook to make newly available logs an actionable part of their enterprise cybersecurity operations.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Jan 14, 2025
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Adobe Releases Security Updates for Multiple Products
Jan 14, 2025
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Photoshop, Animate, and Illustrator for iPad. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates: Adobe Product Security Updates for January
Microsoft Releases January 2025 Security Updates
Jan 14, 2025
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for January
CISA Releases Four Industrial Control Systems Advisories
Jan 14, 2025
CISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric Vijeo Designer ICSA-25-014-03 Schneider Electric EcoStruxure ICSA-25-014-04 Belledonne Communications Linphone-Desktop CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet
Jan 14, 2025
Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats. Specifically, the playbook: Facilitates collaboration between federal agencies, private industry, international partners, and other stakeholders to raise awareness of AI cybersecurity risks and improve the resilience of AI systems. Guides JCDC partners on how to voluntarily share information related to cybersecurity incidents and vulnerabilities associated with AI systems. Delineates information-sharing protections and mechanisms. Outlines CISA’s actions upon receiving shared information. CISA urges JCDC partners to integrate the playbook into their incident response and information-sharing processes, make iterative improvements as needed, and provide feedback to CISA through CISA.JCDC@cisa.dhs.gov. Not a partner? Join JCDC to engage in synchronized cybersecurity planning, cyber defense, and response. Learn more by visiting CISA’s JCDC webpage and emailing CISA.JCDC@cisa.dhs.gov.
Ivanti Releases Security Updates for Multiple Products
Jan 14, 2025
Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Avalanche Ivanti Application Control Engine Ivanti EPM
Fortinet Releases Security Updates for Multiple Products
Jan 14, 2025
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Fortinet Security Updates
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jan 13, 2025
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Jan 13, 2025
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process. Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance. For more information on questions to consider during procurement discussions, see CISA’s Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.
