US CERT Current Activity

CERT/CC Releases Information on Spring4Shell Vulnerability
Apr 1, 2022
Original release date: April 1, 2022The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2022-22965), known as “Spring4Shell,” affecting Spring Framework, a Java framework that creates applications, including web applications. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the CERT/CC Vulnerability Note VU #970766 for more information and to apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Security Advisories for Rockwell Automation Products
Mar 31, 2022
Original release date: March 31, 2022CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to apply the necessary mitigations and detection method. This product is provided subject to this Notification and this Privacy & Use policy.
FBI Releases PIN on Ransomware Straining Local Governments and Public Services
Mar 31, 2022
Original release date: March 31, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. CISA encourages local government officials and public service providers to review FBI PIN: Ransomware Attacks Straining Local U.S. Governments and Public Services and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
Mar 31, 2022
Original release date: March 31, 2022CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
FBI Releases PIN on Phishing Campaign against U.S. Election Officials
Mar 30, 2022
Original release date: March 30, 2022The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn U.S. election and other state and local government officials about invoice-themed phishing emails that could be used to harvest officials’ login credentials. CISA encourages federal, state, and local government officials to review FBI PIN: Cyber Actors Target U.S. Election Officials with Invoice-Themed Phishing Campaign to Harvest Credentials and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Mar 30, 2022
Original release date: March 30, 2022Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Mitigating Attacks Against Uninterruptable Power Supply Devices
Mar 29, 2022
Original release date: March 29, 2022CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet. Organizations can mitigate attacks against UPS devices by immediately removing management interfaces from the internet. Review CISA and DOE’s guidance on mitigating attacks against UPS devices for additional mitigations and information. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds 32 Known Exploited Vulnerabilities to Catalog
Mar 28, 2022
Original release date: March 28, 2022CISA has added 32 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities a part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Mar 28, 2022
Original release date: March 28, 2022Google has released Chrome version 99.0.4844.84 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds 66 Known Exploited Vulnerabilities to Catalog
Mar 25, 2022
Original release date: March 25, 2022CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018
Mar 24, 2022
Original release date: March 24, 2022CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. The CSA highlights historical tactics, techniques, and procedures as well as mitigations Energy Sector organizations can take now to protect their networks. CISA encourages all critical infrastructure organizations to review joint CSA: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector and apply the recommendations. For more information on Russian state-sponsored malicious cyber activity, see CISA's Russia Cyber Threat Overview and Advisories page. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Mar 24, 2022
Original release date: March 24, 2022VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0008 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
FBI and FinCEN Release Advisory on AvosLocker Ransomware
Mar 22, 2022
Original release date: March 22, 2022The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Mar 22, 2022
Original release date: March 22, 2022Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-006 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CRI-O Security Update for Kubernetes
Mar 18, 2022
Original release date: March 18, 2022CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
WordPress Releases Security Update
Mar 17, 2022
Original release date: March 17, 2022WordPress versions prior to 5.9.2 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected website. CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.9.2. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases Security Advisories for BIND
Mar 17, 2022
Original release date: March 17, 2022The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds. CVE-2021-25220 CVE-2022-0396 CVE-2022-0635 CVE-2022-0667 This product is provided subject to this Notification and this Privacy & Use policy.
Strengthening Cybersecurity of SATCOM Network Providers and Customers
Mar 17, 2022
Original release date: March 17, 2022CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments. In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides mitigations and resources to strengthen SATCOM provider and customer cybersecurity. CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations. CISA and FBI will update the joint CSA as new information becomes available. This product is provided subject to this Notification and this Privacy & Use policy.
OpenSSL Releases Security Updates
Mar 17, 2022
Original release date: March 17, 2022OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Mar 17, 2022
Original release date: March 17, 2022Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2022-05 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.