Feed aggregator

Cisco Releases Security Updates for IOS XR Software

Mar 14, 2024

Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

- Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability
- Cisco IOS XR Software SSH Privilege Escalation Vulnerability
- Cisco IOS XR Software Layer 2 Services Denial of Service Vulnerability

CISA Releases Fifteen Industrial Control Systems Advisories

Mar 14, 2024

CISA released fifteen Industrial Control Systems (ICS) advisories on March 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-24-074-01 Siemens SENTRON 7KM PAC3x20
- ICSA-24-074-02 Siemens Solid Edge
- ICSA-24-074-03 Siemens SINEMA Remote Connect Server
- ICSA-24-074-04 Siemens SINEMA Remote Connect Client
- ICSA-24-074-05 Siemens RUGGEDCOM APE1808
- ICSA-24-074-06 Siemens SENTRON
- ICSA-24-074-07 Siemens SIMATIC
- ICSA-24-074-08 Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family
- ICSA-24-074-09 Siemens Sinteso EN Cerberus PRO EN Fire Protection Systems
- ICSA-24-074-10 Siemens Siveillance Control
- ICSA-24-074-11 Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
- ICSA-24-074-12 Delta Electronics DIAEnergie
- ICSA-24-074-13 Softing edgeConnector
- ICSA-24-074-14 Mitsubishi Electric MELSEC-Q/L Series
- ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU module (Update C)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Adobe Releases Security Updates for Multiple Products

Mar 12, 2024

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

- Adobe Experience Manager
- Adobe Premiere Pro
- Adobe ColdFusion
- Adobe Bridge
- Adobe Lightroom
- Adobe Animate

Microsoft Releases Security Updates for Multiple Products

Mar 12, 2024

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following and apply the necessary updates:

- Microsoft Security Update Guide for March

CISA Releases One Industrial Control Systems Advisory

Mar 12, 2024

CISA released one Industrial Control Systems (ICS) advisory on March 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-24-072-01 Schneider Electric EcoStruxure Power Design

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

Fortinet Releases Security Updates for Multiple Products

Mar 12, 2024

Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

- FR-IR-23-390: FortiClientEMS - CSV injection in log download feature
- FR-IR-23-328: FortiOS, FortiProxy - Out-of-bounds Write in captive portal
- FR-IR-24-013: FortiOS, FortiProxy - Authorization bypass in SSLVPN bookmarks
- FR-IR-23-103: FortiWLM MEA for FortiManager - Improper access control in backup and restore features
- FR-IR-24-007: Pervasive SQL injection in DAS component

CISA Publishes SCuBA Hybrid Identity Solutions Guidance

Mar 12, 2024

CISA has published Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG) to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflects feedback gathered during its 2023 draft public comment period. CISA encourages users to review and implement this solutions guidance as appropriate for their individual organizations. HISG is the latest resource released by CISA’s SCuBA project. In accordance with Executive Order 14028, CISA’s SCuBA project aims to develop consistent, effective, modern, and manageable security that will help secure organizations’ information assets stored within cloud environments. Visit CISA’s SCuBA project page for more information.

Apple Released Security Updates for Multiple Products

Mar 8, 2024

Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

- Safari 17.4
- macOS Sonoma 14.4
- macOS Ventura 13.6.5
- macOS Monterey 12.7.4
- watchOS 10.4
- tvOS 17.4
- visionOS 1.1

Cisco Releases Security Updates for Secure Client

Mar 7, 2024

Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the following security releases and apply the necessary updates:

- Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
- Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability

CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog

Mar 7, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2024-27198 JetBrains TeamCity Authentication Bypass Vulnerability

CISA urges organizations to review the following JetBrains blog post and apply the necessary updates: Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases One Industrial Control Systems Advisory

Mar 7, 2024

CISA released one Industrial Control Systems (ICS) advisory on March 7, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-24-067-01 Chirp Systems Chirp Access

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices

Mar 7, 2024

Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).

- Use Secure Cloud Identity and Access Management Practices
- Use Secure Cloud Key Management Practices
- Implement Network Segmentation and Encryption in Cloud Environments
- Secure Data in the Cloud
- Mitigate Risks from Managed Service Providers in Cloud Environments

CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their cloud security. For more information on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project and Trusted Internet Connections (TIC) pages.

Apple Releases Security Updates for iOS and iPadOS

Mar 7, 2024

Apple released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information.

CISA encourages users and administrators to review the following security releases and apply the necessary updates:

- iOS 17.4 and iPadOS 17.4
- iOS 16.7.6 and iPadOS 16.7.6

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Mar 6, 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability
- CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

VMware Releases Security Advisory for Multiple Products

Mar 6, 2024

VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates:

- VMSA-2024-0006

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Mar 5, 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-21237 Android Pixel Information Disclosure Vulnerability
- CVE-2021-36380 Sunhillo SureLine OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA Releases Three Industrial Control Systems Advisories

Mar 5, 2024

CISA released three Industrial Control Systems (ICS) advisories on March 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-24-065-01 Nice Linear eMerge E3-Series
- ICSMA-24-065-01 Santesoft Sante FFT Imaging
- ICSA-24-016-02 Integration Objects OPC UA Server Toolkit (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA Adds One Known Exploited Vulnerability to Catalog

Mar 4, 2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Cisco Releases Security Advisories for Cisco NX-OS Software

Mar 1, 2024

Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

- Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability
- Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability

CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities

Feb 29, 2024

Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways:

- Federal Bureau of Investigation (FBI)
- Multi-State Information Sharing & Analysis Center (MS-ISAC)
- Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)
- United Kingdom National Cyber Security Centre (NCSC-UK)
- Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment
- New Zealand National Cyber Security Centre (NCSC-NZ)
- CERT-New Zealand (CERT NZ)

The advisory describes cyber threat actor exploitation of multiple previously identified Connect Secure and Policy Secure vulnerabilities—namely CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893—which threat actors can exploit in a chain to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Additionally, the advisory describes two key CISA findings:

- The Ivanti Integrity Checker Tool is not sufficient to detect compromise due to the ability of threat actors to deceive it, and
- A cyber threat actor may be able to gain root-level persistence despite the victim having issued factory resets on the Ivanti device.

The advisory provides cyber defenders with detection methods and indicators of compromise (IOCs) as well as mitigation guidance to defend against this activity. Note: As exploitation is ongoing as of publication of this advisory, CISA will provide updates to the Additional Resources list below as they are made available.

CISA and its partners urge cyber defenders to review this advisory and consider the significant risk of cyber threat actor access to, and persistence on Connect Secure and Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.

Additional Resources

Organizations using these devices should assume a threat actor is maintaining persistence and lying dormant for a period before conducting malicious actions. For more on this specific technique, see Identifying and Mitigating Living Off the Land Techniques.

CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities as well as corresponding Supplemental Direction to ED 24-01 to federal agencies.

- IBM: Widespread exploitation of recently disclosed Ivanti vulnerabilities
- Akamai: Scanning Activity for CVE-2024-22024 (XXE) Vulnerability in Ivanti
- Rapid7 AttackerKB: CVE-2024-21893, CVE-2024-21887, CVE-2024-22024, CVE-2023-46805
- Orange Cyberdefense: Ivanti Connect Secure: Journey to the core of the DSLog backdoor
- Volexity: Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
- WatchTowr: Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
- Mandiant: Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation; Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation; Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
- Grey Noise: Ivanti Connect Secure Exploited to Install Cryptominers
- Ivanti: KB CVE-2023-46805 (Authentication Bypass) & CVE-2024-21887 (Command Injection) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
- Palo Alto Networks Unit 42: Threat Brief: Multiple Ivanti Vulnerabilities
- GitHub: CSIRTs Network - Exploitation of Ivanti Connect Secure and Ivanti Policy Secure Gateway Zero-Days
