Feed aggregator

Mozilla Releases Security Updates for Firefox and Thunderbird

Nov 22, 2023

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates:

- Firefox iOS 120
- Firefox 120
- Firefox ESR 115.5
- Thunderbird 115.5.0


CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed

Nov 21, 2023

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances. Historically, LockBit affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors—including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. The joint CSA provides tactics, techniques, and procedures (TTPs), as well as indicators of compromise (IOCs). If compromise is detected, the authoring organizations encourage network defenders to hunt for malicious activity on their networks using the detection methods and IOCs provided within the CSA and to apply the incident response recommendations. Immediate application of publicly available patches is also recommended. For more information, visit StopRansomware and see the updated #StopRansomware Guide.


CISA Adds One Known Exploited Vulnerability to Catalog

Nov 21, 2023

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-4911 GNU C Library Buffer Overflow Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


CISA Releases Five Industrial Control Systems Advisories

Nov 21, 2023

CISA released five Industrial Control Systems (ICS) advisories on November 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-23-325-01 WAGO PFC200 Series
- ICSA-23-325-02 Fuji Electric Tellus Lite V-Simulator
- ICSA-23-208-03 Mitsubishi Electric CNC Series (Update C)
- ICSA-23-115-01 Keysight N8844A Data Analytics Web Service (Update A)
- ICSA-23-297-01 Rockwell Automation Stratix 5800 and Stratix 5200 (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector

Nov 17, 2023

Today, CISA released the Mitigation Guide: Healthcare and Public Health (HPH) Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting this critical infrastructure sector. It also identifies known vulnerabilities for organizations to assess their networks and minimize risks before intrusions occur.  For more information and resources, HPH entities are encouraged to visit CISA’s Healthcare and Public Health Cybersecurity Toolkit and Healthcare and Public Health Sector webpages.


Juniper Releases Security Advisory for Juniper Secure Analytics

Nov 17, 2023

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advisory JSA74298 and apply the necessary updates.


FBI and CISA Release Advisory on Scattered Spider Group

Nov 16, 2023

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023. Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs. FBI and CISA encourage network defenders and critical infrastructure organizations to review the joint CSA for recommended mitigations to reduce the likelihood and impact of a cyberattack by Scattered Spider actors. For more information, visit StopRansomware and see the updated #StopRansomware Guide.


CISA Adds Three Known Exploited Vulnerabilities to Catalog

Nov 16, 2023

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-36584 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
- CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability
- CVE-2023-2551 Oracle Fusion Middleware Unspecified Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


CISA Releases Fourteen Industrial Control Systems Advisories

Nov 16, 2023

CISA released fourteen Industrial Control Systems (ICS) advisories on November 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-23-320-01 Red Lion Sixnet RTUs
- ICSA-23-320-02 Hitachi Energy MACH System Software
- ICSA-23-320-03 Siemens Desigo CC product family
- ICSA-23-320-04 Siemens Mendix Runtime
- ICSA-23-320-05 Siemens SCALANCE W700
- ICSA-23-320-06 Siemens SIMATIC PCS neo
- ICSA-23-320-07 Siemens OPC UA Modeling Editor (SiOME)
- ICSA-23-320-08 Siemens SCALANCE Family Products
- ICSA-23-320-09 Siemens COMOS
- ICSA-23-320-10 Siemens SIPROTEC 4 7SJ66
- ICSA-23-320-11 Siemens Mendix Studio Pro
- ICSA-23-320-12 Siemens PNI
- ICSA-23-320-13 Siemens SIMATIC MV500
- ICSA-23-320-14 Siemens RUGGEDCOM APE1808 Devices

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


CISA Requests Comment on Draft Secure Software Development Attestation Form

Nov 16, 2023

CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget. With the Secure Software Development Attestation Form, federal departments and agencies will be able to obtain attestation of product security from a software producer before using the software on government systems. This form will establish a standardized process for the federal government and software producers that will create transparency on the security of software development efforts. All interested parties are encouraged to review the form and submit input through the Federal Register. Comments will be received through Dec. 18, 2023.


Citrix Releases Security Updates for Citrix Hypervisor

Nov 16, 2023

Citrix has released security updates addressing vulnerabilities in Citrix Hypervisor 8.2 CU1 LTSR. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Hypervisor Security Bulletin for CVE-2023-23583 and CVE-2023-46835 and apply the necessary updates.


CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware

Nov 15, 2023

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics, techniques, and procedures (TTPs) identified through investigations as recently as September 2023. Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors have compromised organizations in education, manufacturing, information technology, and government sectors, and any ransom paid is split between the group and affiliates. Rhysida actors leverage external-facing remote services, such as virtual private networks (VPNs), the Zerologon vulnerability (CVE-2020-1472), and phishing campaigns to gain initial access and persistence within a network. CISA, FBI, and MS-ISAC encourage organizations to review the joint CSA for recommended mitigations to reduce the likelihood and impact of Rhysida and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.


Adobe Releases Security Updates for Multiple Products

Nov 14, 2023

Adobe has released security updates to address vulnerabilities affecting multiple Adobe products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates.

- APSB23-52: Adobe ColdFusion
- APSB23-53: Adobe RoboHelp Server
- APSB23-54: Adobe Acrobat and Reader
- APSB23-55: Adobe InDesign
- APSB23-56: Adobe Photoshop
- APSB23-57: Adobe Bridge
- APSB23-58: Adobe FrameMaker Publishing Server
- APSB23-60: Adobe InCopy
- APSB23-61: Adobe Animate
- APSB23-62: Adobe Dimension
- APSB23-63: Adobe Media Encoder
- APSB23-64: Adobe Audition
- APSB23-65: Adobe Premiere Pro
- APSB23-66: Adobe After Effects


VMware Releases Security Update for Cloud Director Appliance

Nov 14, 2023

VMware has released a security advisory addressing a vulnerability in VMware Cloud Director Appliance. Cyber threat actors may exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the recommended updates:

- VMSA-2023-0026: VMware Cloud Director Appliance contains an authentication bypass vulnerability (CVE-2023-34060)


CISA Adds Three Known Exploited Vulnerabilities to Catalog

Nov 14, 2023

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-36033 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
- CVE-2023-36025 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2023-36036 Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Microsoft Releases October 2023 Security Updates

Nov 14, 2023

Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2023 Security Update Guide and apply the necessary updates.


Fortinet Releases Security Updates for FortiClient and FortiGate

Nov 14, 2023

Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Fortinet security advisories and apply the recommended updates:

- FG-IR-22-299: FortiClient (Windows) - Arbitrary file deletion from unprivileged users
- FG-IR-23-274: FortiClient (Windows) - DLL Hijacking via openssl.cnf
- FG-IR-23-385: curl and libcurl CVE-2023-38545 and CVE-2023-38546 vulnerabilities


CISA Releases Two Industrial Control Systems Advisories

Nov 14, 2023

CISA released two Industrial Control Systems (ICS) advisories on November 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-23-318-01 AVEVA Operations Control Logger
- ICSA-23-318-02 Rockwell Automation SIS Workstation and ISaGRAF Workbench

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


CISA Releases Roadmap for Artificial Intelligence Adoption

Nov 14, 2023

Today, CISA released its Roadmap for Artificial Intelligence—in alignment with White House Executive Order 14110: Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence—to outline a comprehensive set of actions CISA will take along five lines of effort:

- Responsibly use AI to support our mission.
- Assure AI systems.
- Protect critical infrastructure from malicious use of AI.
- Collaborate and communicate on key AI efforts with the interagency, international partners, and the public.
- Expand AI expertise in our workforce.

Learn more about CISA’s Roadmap for Artificial Intelligence at cisa.gov/AI.


ACSC and CISA Release Business Continuity in a Box

Nov 13, 2023

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) and CISA released Business Continuity in a Box. Business Continuity in a Box, developed by ACSC with contributions from CISA, assists organizations with swiftly and securely standing up critical business functions during or following a cyber incident. Comprised of two core components—Continuity of Communications and Continuity of Applications—Business Continuity in a Box is designed for situations where the availability or integrity of an organization’s data and/or systems has been compromised. The core components focus on keeping communications flowing during an incident and establishing interim business-critical applications. Business Continuity in a Box aligns with CISA’s goals for Critical Infrastructure Security and Resilience Month, which aims to provide businesses of all sizes with free or low-cost resources and tools that aid in strengthening our national cybersecurity posture.

