Feed aggregator
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Sep 17, 2024
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products. CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their technical leaders/teams to review past instances of these defects and create a strategic plan to prevent them in the future. Visit our website to learn more about the principles of Secure by Design, take the Secure by Design Pledge, and stay informed on the latest Secure by Design Alerts.
New CISA Plan Aligns Federal Agencies in Cyber Defense
Sep 16, 2024
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and system architectures—and they independently manage their cyber risk. CISA’s FOCAL plan aligns the federal enterprise, empowering agencies to better address the dynamic cyber threat environment collectively. The plan recommends actions that substantively advance operational cybersecurity improvements and alignment goals. For additional guidance, visit CISA’s Securing Networks web page.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Sep 16, 2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43461 Microsoft Windows MSHTML Platform Spoofing Vulnerability CVE-2024-6670 Progress WhatsUp Gold SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds One Known Exploited Vulnerability to Catalog
Sep 13, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Ivanti Releases Security Update for Cloud Services Appliance
Sep 13, 2024
Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control of an affected system. At this time, Ivanti has confirmed limited exploitation and urges its customers using the affected versions to upgrade to CSA version 5.0. Ivanti no longer supports CSA 4.6 (end-of-life). CISA recommends users and administrators review CISA and FBI's joint guidance on eliminating OS command injections and the Ivanti security advisory and apply the recommended updates. Note: CISA has added CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.
CISA Releases Analysis of FY23 Risk and Vulnerability Assessments
Sep 13, 2024
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK® framework. CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.
Cisco Releases Security Updates for IOS XR Software
Sep 12, 2024
Cisco released security updates to address vulnerabilities in Cisco ISO XR software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: September 2024 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication
CISA Releases Twenty-Five Industrial Control Systems Advisories
Sep 12, 2024
CISA released twenty-five Industrial Control Systems (ICS) advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime ICSA-24-256-06 Siemens Automation License Manager ICSA-24-256-07 Siemens SIMATIC RFID Readers ICSA-24-256-08 Siemens Industrial Products ICSA-24-256-09 Siemens SIMATIC, SIPLUS, and TIM ICSA-24-256-10 Siemens SINEMA ICSA-24-256-11 Siemens Industrial Edge Management ICSA-24-256-12 Siemens Tecnomatix Plant Simulation ICSA-24-256-13 Siemens SCALANCE W700 ICSA-24-256-14 Siemens SIMATIC SCADA and PCS 7 Systems ICSA-24-256-15 Siemens Industrial Products ICSA-24-256-16 Siemens Third Party Component in SICAM and SITIPE Products ICSA-24-256-17 AutomationDirect DirectLogic H2-DM1E ICSA-24-256-18 Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix 5380 ICSA-24-256-19 Rockwell Automation OptixPanel ICSA-24-256-20 Rockwell Automation AADvance Trusted SIS Workstation ICSA-24-256-21 Rockwell Automation 5015-U8IHFT ICSA-24-256-22 Rockwell Automation FactoryTalk Batch View ICSA-24-256-23 Rockwell Automation FactoryTalk View Site ICSA-24-256-24 Rockwell Automation Pavilion8 ICSA-24-256-25 Rockwell Automation ThinManager CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Adobe Releases Security Updates for Multiple Products
Sep 12, 2024
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Security update available for Adobe Media Encoder | APSB24-53 Security update available for Adobe Audition | APSB24-54 Security update available for Adobe After Effects | APSB24-55 Security update available for Adobe Premiere Pro | APSB24-58 Security update available for Adobe Illustrator | APSB24-66 Security update available for Adobe Acrobat Reader | APSB24-70 Security update available for Adobe ColdFusion | APSB24-71 Security update available for Adobe Photoshop | APSB24-72
Cisco Releases Security Updates for Cisco Smart Licensing Utility
Sep 10, 2024
Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: Cisco Smart Licensing Utility Vulnerabilities
Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control
Sep 10, 2024
Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates: Ivanti Endpoint Manager Ivanti Cloud Service Application 4.6 Ivanti Workspace Control
CISA Releases Four Industrial Control Systems Advisories
Sep 10, 2024
CISA released four Industrial Control Systems (ICS) advisory on September 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-254-01 Viessmann Climate Solutions SE Vitogate 300 ICSA-24-254-02 iniNet Solutions SpiderControl SCADA Web Server ICSA-24-254-03 Rockwell Automation SequenceManager ICSMA-24-254-01 BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Microsoft Releases September 2024 Security Updates
Sep 10, 2024
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for September
CISA Adds Four Known Exploited Vulnerabilities to Catalog
Sep 10, 2024
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 Microsoft Windows Installer Privilege Escalation Vulnerability CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Citrix Releases Security Updates for Citrix Workspace App for Windows
Sep 10, 2024
Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Citrix Workspace app for Windows Security Bulletin for CVE-2024-7889 and CVE-2024-7890
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Sep 9, 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure
Sep 5, 2024
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their deployment of the WhisperGate malware against Ukraine. These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. The authoring agencies encourage organizations to review this advisory for recommended mitigations against such malicious activity. For additional information on Russian state-sponsored malicious cyber activity and related indictments, see the recent U.S. Department of Justice (DOJ) press release for June 26, 2024, and Sept. 5, 2024, FBI’s Cyber Crime webpage, and CISA’s Russia Cyber Threat Overview and Advisories webpage.
CISA Releases Four Industrial Control Systems Advisories
Sep 5, 2024
CISA released four Industrial Control Systems (ICS) advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-249-01 Hughes Network Systems WL3000 Fusion Software ICSMA-24-249-01 Baxter Connex Health Portal ICSA-20-303-01 Mitsubishi Electric MELSEC iQ-R, Q, and L Series (Update E) ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update E) CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Sep 3, 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20123 Draytek VigorConnect Path Traversal Vulnerability CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases One Industrial Control Systems Advisory
Sep 3, 2024
CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-247-01 LOYTEC Electronics LINX Series CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
