US CERT Current Activity
Adobe Releases Security Updates for Multiple Products
Oct 8, 2024
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Security update available for Adobe Substance 3D Printer| APSB24-52 Security update available for Adobe Commerce and Magento Open Source | APSB24-73 Security update available for Adobe Dimension | APSB24-74 Security update available for Adobe Animate | APSB24-76 Security update available for Adobe Lightroom | APSB24-78 Security update available for Adobe InCopy | APSB24-79 Security update available for Adobe InDesign | APSB24-80 Security update available for Adobe Substance 3D Stager | APSB24-81 Security update available for Adobe FrameMaker | APSB24-82
Avoid Scams After Disaster Strikes
Oct 8, 2024
As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. Before responding, ensure hurricane-related guidance is from trusted sources, such as local officials and disaster response organizations, including Federal Emergency Management Agency (FEMA) and DHS's Ready.gov. CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity: Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, Consumer Financial Protection Bureau's Frauds and Scams, FEMA's Disaster Fraud guidance, and CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.
CISA Adds One Known Exploited Vulnerability to Catalog
Oct 3, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Three Industrial Control Systems Advisories
Oct 3, 2024
CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-277-01 TEM Opera Plus FM Family Transmitter ICSA-24-277-02 Subnet Solutions Inc. PowerSYSTEM Center ICSA-24-277-03 Delta Electronics DIAEnergie CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Oct 2, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations
Oct 1, 2024
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid organizations in identifying how business decisions may adversely impact the cybersecurity of OT and the specific risks associated with those decisions. Filtering decisions that impact the security of OT will enhance the comprehensive decision-making that promotes security and business continuity. CISA encourages critical infrastructure organizations review the best practices and implement recommended actions which can help ensure the proper cybersecurity controls are in place to reduce residual risk in OT decisions. For more information on OT cybersecurity, review our Industrial Control Systems page and the Joint Cybersecurity Advisory Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems to help critical infrastructure organizations manage and enhance their OT cybersecurity.
CISA Releases Two Industrial Control Systems Advisories
Oct 1, 2024
CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch ICSA-24-275-02 Mitsubishi Electric MELSEC iQ-F FX5-OPC CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA’s VDP Platform 2023 Annual Report Showcases Success
Sep 30, 2024
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities in their systems, and engaging the public security researcher community. Public security researchers play a vital role in securing our federal government's networks. As part of CISA's persistent and ongoing collaboration with the public security researcher community, CISA issued Binding Operational Directive (BOD) 20-01 in 2020, which requires every FCEB agency to establish a VDP. These VDPs follow industry and community best practices, including giving authorization to participating public security researchers and committing to not pursue legal action for good-faith research. CISA's VDP Platform complements BOD 20-01 by giving FCEB agencies an easy way to establish a VDP and to engage with public security researchers. CISA appreciates the contributions by thousands of public security researchers to date and looks forward to continuing to further broaden this collaboration in the future. To learn more about the VDP Platform, please visit the Vulnerability Disclosure Policy (VDP) Platform webpage and view the VDP 101 video on CISA’s YouTube channel.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Sep 30, 2024
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Five Industrial Control Systems Advisories
Sep 26, 2024
CISA released five Industrial Control Systems (ICS) advisories on September 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. IICSA-24-270-01 Advantech ADAM-5550 ICSA-24-270-02 Advantech ADAM-5630 ICSA-24-270-03 Atelmo Atemio AM 520 HD Full HD Satellite Receiver ICSA-24-270-04 goTenna Pro X and Pro X2 ICSA-24-270-05 goTenna Pro ATAK Plugin CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Cisco Releases Security Updates for IOS and IOS XE Software
Sep 26, 2024
Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply the necessary updates: September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication
ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises
Sep 25, 2024
Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory. Active Directory is the most widely used authentication and authorization solution in enterprise information technology (IT) networks globally. Malicious actors routinely target Active Directory as part of efforts to compromise enterprise IT networks by escalating privileges and targeting the highest confidential user objects. Responding to and recovering from malicious activity involving Active Directory can be consuming, costly, and disruptive. CISA encourages organizations review the guidance and implement the recommended mitigations to improve Active Directory security. To learn more about taking a top-down approach to developing secure products, visit CISA’s Secure by Design webpage.
CISA Warns of Hurricane-Related Scams
Sep 25, 2024
As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity: Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, Consumer Financial Protection Bureau's Frauds and scams, and CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks.
Citrix Releases Security Updates for XenServer and Citrix Hypervisor
Sep 25, 2024
Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. CISA encourages users and administrators to review the following and apply necessary updates: XenServer and Citrix Hypervisor Security Update for CVE-2024-45817
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
Sep 25, 2024
CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm. CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
