CISA Current Activity

Apple Releases Security Updates

4 hours 25 minutes ago
Original release date: July 27, 2021

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device.

CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

4 hours 26 minutes ago
Original release date: July 27, 2021

On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address a NTLM Relay Attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

 Cisco Releases Security Updates

5 days 1 hour ago
Original release date: July 22, 2021

Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Drupal Releases Security Updates

5 days 1 hour ago
Original release date: July 22, 2021

Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7,  8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Drupal security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

2021 CWE Top 25 Most Dangerous Software Weaknesses

5 days 22 hours ago
Original release date: July 21, 2021

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

CISA encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Malware Targeting Pulse Secure Devices

6 days ago
Original release date: July 21, 2021

As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports (MARs) for threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) and to review CISA’s Alert Exploitation of Pulse Connect Secure Vulnerabilities for more information. 

MARS:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Multiple Products 

6 days 4 hours ago
Original release date: July 21, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apple Releases Security Updates

6 days 4 hours ago
Original release date: July 21, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

6 days 4 hours ago
Original release date: July 21, 2021

Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Significant Historical Cyber-Intrusion Campaigns Targeting ICS

1 week ago
Original release date: July 20, 2021

Protecting our Nation’s critical infrastructure is the responsibility of federal and state, local, tribal, and territorial (SLTT) governments and owners and operators of that infrastructure. The cybersecurity threats posed to the industrial control systems (ICS) that control and operate critical infrastructure are among the most significant and growing issues confronting our Nation.

To raise awareness of the risks to—and improve the cyber protection of—critical infrastructure, CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory as well as updates to five alerts and advisories. These alerts and advisories contain information on historical cyber-intrusion campaigns that have targeted ICS:

CISA urges critical infrastructure owners and operators to review the publications listed above and apply the mitigations in Joint CISA-FBI CSA AA21-201A: Gas Pipeline Intrusion Campaign, 2011-2013. CISA also encourages owners and operators to review AR-17-20045: Enhanced Analysis of Malicious Cyber Activity. These products contain threat actor tactics, techniques, and procedures (TTPs); technical indicators; and forensic analysis that critical infrastructure owners and operators can use to reduce their organizations’ exposure to cyber threats. Note: although these publications detail historical activity, the TTPs remain relevant to help network defenders protect against intrusions.

CISA encourages critical infrastructure owners and operators to report cyber incidents to CISA. Note: for information on the U.S. Department of State’s reward program for identifying persons who participate in the malicious cyber activities against U.S. critical infrastructure, see the U.S. Department of State press release.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Oracle Releases July 2021 Critical Patch Update

1 week ago
Original release date: July 20, 2021 | Last revised: July 21, 2021

Oracle has released its Critical Patch Update for July 2021 to address 342 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle July 2021 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Citrix Releases Security Updates 

1 week ago
Original release date: July 20, 2021

Citrix has released security updates to address multiple vulnerabilities in Application Delivery Controller, Gateway, and SD-WAN WANOP Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX319135 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Fortinet Releases Security Updates for FortiManager and FortiAnalyzer

1 week 1 day ago
Original release date: July 19, 2021

Fortinet has released security advisory FG-IR-21-067 to address a use-after-free vulnerability in the FortiManager fgfmsd daemon. A use-after-free condition occurs when a program marks a section of memory as free but then subsequently tries to use that memory, which could result in a program crash. The use of previously freed memory in FortiManager fgfmsd daemon may allow a remote, unauthenticated attacker to execute arbitrary code as root. This occurs via sending a specifically crafted request to the fgfm port of the targeted device.

Note that FortiAnalyzer is only vulnerable where it supports FortiManager features that have been enabled, on specific hardware, with a very specific upgrade path.

CISA encourages users and administrators to review Fortinet security advisory FG-IR-21-067 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity

1 week 1 day ago
Original release date: July 19, 2021

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:

CISA also encourages users and administrators to review the blog post, Safeguarding Critical Infrastructure against Threats from the People’s Republic of China, by CISA Executive Assistant Director Eric Goldstein and the China Cyber Threat Overview and Advisories webpage.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates

1 week 4 days ago
Original release date: July 16, 2021

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance Software Release 9.16.1 and Firepower Threat Defense Software Release 7.0.0. A remote attacker could exploit this vulnerability to cause a denial of service condition.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

1 week 4 days ago
Original release date: July 16, 2021

Google has released Chrome version 91.0.4472.164 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30563—has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Ransomware Risk in Unpatched, EOL SonicWall SRA and SMA 8.x Products

1 week 4 days ago
Original release date: July 15, 2021

CISA is aware of threat actors actively targeting a known, previously patched, vulnerability in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware. Threat actors can exploit this vulnerability to initiate a targeted ransomware attack.

CISA encourages users and administrators to review the SonicWall security advisory and upgrade to the newest firmware or disconnect EOL appliances as soon as possible. Review the CISA Bad Practices webpage to learn more about bad cybersecurity practices, such as using EOL software, that are especially dangerous for organizations supporting designated Critical Infrastructure or National Critical Functions. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Juniper Networks Releases Security Updates for Multiple Products

1 week 5 days ago
Original release date: July 15, 2021

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

New StopRansomware.gov website – The U.S. Government’s One-Stop Location to Stop Ransomware

1 week 5 days ago
Original release date: July 15, 2021

The U.S. Government launched a new website to help public and private organizations defend against the rise in ransomware cases. StopRansomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. We encourage organizations to use this new website to understand the threat of ransomware, mitigate risk, and in the event of an attack, know what steps to take next.

The StopRansomware.gov webpage is an interagency resource that provides our partners and stakeholders with ransomware protection, detection, and response guidance that they can use on a single website. This includes ransomware alerts, reports, and resources from CISA, the FBI, and other federal partners.

We look forward to growing the information and resources on StopRansomware.gov and plan to partner with additional Federal Agencies who are working to curb the rise in ransomware.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses

1 week 5 days ago
Original release date: July 14, 2021

CISA has released CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses, which provides mitigation and hardening guidance to help these organizations strengthen their defenses against cyberattacks. Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors. Compromises of MSPs—such as with the recent Kaseya ransomware attack—can have globally cascading effects and introduce significant risk to MSP customers.

CISA strongly recommends MSPs and small- and mid-sized businesses follow the guidance provided in the CISA Insights and CISA Webpage: Kaseya Ransomware Attack: Guidance for Affected MSPs and their Customers to protect MSP customer network assets and reduce the risk of successful cyberattacks.  

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
47 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to CISA Current Activity feed

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer