Feed aggregator
CISA Updates Best Practices for Mapping to MITRE ATT&CK®
Jan 17, 2023
Original release date: January 17, 2023Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports “robust, contextual bi-directional sharing of information to help strengthen the security of our systems, networks, and data.” CISA highly encourages the cybersecurity community to use the framework because it provides a common language for threat actor analysis. CISA coordinated this update of the best practices with the Homeland Security Systems Engineering and Development Institute™ (HSSEDI), a DHS-owned R&D center operated by MITRE. The update covers changes that the MITRE ATT&CK team made to the framework since CISA initially published the best practices in June 2021. The update also covers common analytical biases, mapping mistakes, and specific ATT&CK mapping guidance for industrial control systems (ICS). This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Four Industrial Control Systems Advisories
Jan 17, 2023
Original release date: January 17, 2023CISA released four Industrial Control Systems (ICS) advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-017-01 GE Proficy Historian ICSA-23-017-02 Mitsubishi Electric MELSEC iQ-F, iQ-R Series ICSA-23-017-03 Siemens SINEC INS ICSA-22-347-03 Contec CONPROSYS HMI System (CHS) (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
Juniper Networks Releases Security Updates for Multiple Products
Jan 12, 2023
Original release date: January 12, 2023Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms
Jan 12, 2023
Original release date: January 12, 2023Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB-2023-001 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Twelve Industrial Control Systems Advisories
Jan 11, 2023
Original release date: January 12, 2023CISA released twelve Industrial Control Systems (ICS) advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-012-01 Sewio RTLS Studio ICSA-23-012-02 RONDS Equipment Predictive Maintenance Solution ICSA-23-012-03 InHand Networks InRouter ICSA-23-012-04 Panasonic Sanyo CCTV Network Camera ICSA-23-012-05 SAUTER Controls Nova 200 – 220 Series (PLC 6) ICSA-23-012-06 Johnson Controls Metasys ICSA-22-012-07 Hitachi Energy Lumada APM ICSA-23-012-08 Siemens S7-1500 CPU devices ICSA-23-012-09 Siemens Mendix SAML Module ICSA-23-012-10 Siemens Automation License Manager ICSA-23-012-11 Siemens Solid Edge before V2023 MP1 ICSMA-21-322-02 Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
NCSC-UK Releases Guidance on Using MSP for Administering Cloud Services
Jan 11, 2023
Original release date: January 11, 2023The United Kingdom’s National Cyber Security Centre (NCSC-UK) has released a blog post, Using MSPs to administer your cloud services, that provides organizations security considerations for using a third party, such as a managed service provider (MSP), to administer cloud services. Contracting with an MSP for cloud service management has become an increasingly appealing option for organizations. The post discusses the trade-offs involved as well as specific security checks organizations should make to confirm the MSP’s ability to defend against cyber threats. CISA encourages organizations using MSPs for administering cloud services to implement the guidance NCSC-UK provides in the blog post. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Jan 10, 2023
Original release date: January 10, 2023Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Adobe Acrobat and Reader APSB23-01 Adobe InDesign APSB23-07 Adobe InCopy APSB23-08 Adobe Dimension APSB23-10 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases January 2023 Security Updates
Jan 10, 2023
Original release date: January 10, 2023Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2023 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Jan 10, 2023
Original release date: January 10, 2023CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Two Industrial Control Systems Advisories
Jan 10, 2023
Original release date: January 10, 2023CISA released two Industrial Control Systems (ICS) advisories on January 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-010-01 Black Box KVM ICSA-22-298-07 Delta Electronics InfraSuite Device Master (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Three Industrial Systems Control Advisories
Jan 5, 2023
Original release date: January 5, 2023CISA released three Industrial Control Systems (ICS) advisories on January 5 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-005-01 Hitachi Energy UNEM ICSA-23-005-02 Hitachi Energy FOXMAN-UN ICSA-23-005-03 Hitachi Energy Lumada Asset Performance Management This product is provided subject to this Notification and this Privacy & Use policy.
Fortinet Releases Security Updates for FortiADC
Jan 4, 2023
Original release date: January 4, 2023Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.” CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-061 and apply the recommended updates. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Dec 29, 2022
Original release date: December 29, 2022CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Four Industrial Control Systems Advisories
Dec 22, 2022
Original release date: December 22, 2022CISA released four Industrial Control Systems (ICS) advisories on December 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-356-01 Priva TopControl Suite ICSA-22-356-02 Rockwell Automation Studio 5000 Logix Emulate ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series ICSA-22-356-04 Omron CX-Programmer This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Six Industrial Control Systems Advisories
Dec 20, 2022
Original release date: December 20, 2022CISA released six Industrial Control Systems (ICS) advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-354-01 Fuji Electric Tellus Lite V-Simulator ICSA-22-354-02 Rockwell Automation GuardLogix and ControlLogix ICSA-22-354-03 ARC Informatique PcVue ICSA-22-354-04 Rockwell Automation MicroLogix 1100 and 1400 ICSA-22-354-05 Delta 4G Router DX-3021 ICSA-22-349-01 Prosys OPC UA Simulation Server (Update A) This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Dec 16, 2022
Original release date: December 16, 2022The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates. CVE-2022-38023 CVE-2022-37966 CVE-2022-37967 CVE-2022-45141 This product is provided subject to this Notification and this Privacy & Use policy.
FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food
Dec 16, 2022
Original release date: December 16, 2022The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromise (BEC) to steal shipments of food products and ingredients valued at hundreds of thousands of dollars. The joint CSA analyzes the common tactics, techniques, and procedures (TTPs) utilized by criminal actors to spoof emails and domains to impersonate legitimate employees and order goods that went unpaid and were possibly resold at devalued prices with labeling that lacked industry standard “need-to-knows” (i.e., necessary information about ingredients, allergens, or expiration dates). For more information, CISA encourages organizations to review the guidance provided by the FBI, FDA OCI, and USDA in joint CSA Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients—whereby businesses are urged “to use a risk-informed analysis to prepare for, mitigate, and respond to cyber incidents and cyber-enabled crime.” This product is provided subject to this Notification and this Privacy & Use policy.
CISA Releases Forty-One Industrial Control Systems Advisories
Dec 15, 2022
Original release date: December 15, 2022CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-349-01 Prosys OPC UA Simulation ICSA-22-349-02 Siemens SCALANCE X-200RNA Switch Devices ICSA-22-349-03 Siemens Multiple Denial of Service Vulnerabilities in Industrial Products ICSA-22-349-04 Siemens Multiple Vulnerabilities in SCALANCE Products ICSA-22-349-05 Siemens PLM Help Server ICSA-22-349-06 Siemens SIMATIC WinCC OA Ultralight Client ICSA-22-349-07 Siemens Simcenter STAR-CCM+ ICSA-22-349-08 Siemens Polarion ALM ICSA-22-349-09 Siemens Products affected by OpenSSL 3.0 ICSA-22-349-10 Siemens APOGEE_TALON Field Panels ICSA-22-349-11 Siemens SIPROTEC 5 Devices ICSA-22-349-12 Siemens Parasolid ICSA-22-349-13 Siemens Mendix Workflow Commons ICSA-22-349-14 Siemens SISCO MMS-EASE Third Party Component ICSA-22-349-15 Siemens Teamcenter Visualization and JT2Go ICSA-22-349-16 Siemens APOGEE and TALON ICSA-22-349-17 Siemens Mendix Email Connector ICSA-22-349-18 Siemens SCALANCE SC-600 Family ICSA-22-349-19 Siemens SICAM PAS ICSA-22-349-20 Siemens Teamcenter Visualization and JT2Go ICSA-22-349-21 Siemens SCALANCE X-200RNA Switch Devices ICSA-21-012-02 Siemens SCALANCE X Switches (Update C) ICSA-20-014-03 Siemens SCALANCE X Switches (Update B) ICSA-20-042-07 Siemens SCALANCE X Switches (Update C) ICSA-22-069-01 Siemens RUGGEDCOM Devices (Update D) ICSA-21-222-05 Siemens Industrial Products Intel CPUs (Update G) ICSA-20-161-04 Siemens SIMATIC, SINAMICS, SINEC, SINEMA, SINUMERIK (Update K) ICSA-22-286-09 Siemens SICAM P850 and P855 Devices (Update A) ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products (Update B) ICSA-22-258-04 Siemens Mendix SAML Module (Update B) ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update E) ICSA-22-286-07 Siemens Nucleus RTOS FTP Server (Update A) ICSA-22-314-09 Siemens Teamcenter Visualization and JT2Go (Update A) ICSA-22-314-02 Siemens Missing Web Server Login Page of Industrial Controllers (Update A) ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update E) ICSA-22-132-05 Siemens Industrial PCs and CNC devices (Update A) ICSA-22-104-13 Siemens SIMATIC S7-1500 CPU GNU Linux subsystem (Update A) ICSA-18-163-02 Siemens SCALANCE X Switches (Update B) ICSA-22-132-12 Siemens Industrial Products (Update C) ICSA-20-105-08 Siemens KTK, SIDOOR, SIMATIC, and SINAMICS (Update D) ICSA-19-283-02 Siemens Profinet Devices (Update L) This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Dec 15, 2022
Original release date: December 15, 2022Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
CISA Consolidates Twitter Accounts
Dec 15, 2022
Original release date: December 15, 2022CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will cover updates relevant to the industrial control systems community along with the latest vulnerability management info, threat analysis, and other info relevant to the cybersecurity community. @CISAgov will continue to provide agencywide content or non-urgent ICS updates. @CISAJen will continue to include posts across a variety of topics coming straight from the CISA director. CISA encourages followers of the @ICSCERT, @Cyber, and @CISAInfraSec Twitter accounts to follow @CISACyber and @CISAgovTwitter accounts to keep receiving important CISA messages and information. This product is provided subject to this Notification and this Privacy & Use policy.
