Feed aggregator
Microsoft Releases April 2024 Security Updates
Apr 9, 2024
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following and apply the necessary updates: Microsoft Security Update Guide for April
Adobe Releases Security Updates for Multiple Products
Apr 9, 2024
Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins and apply the necessary updates: Adobe After Effects Adobe Photoshop Adobe Commerce and Magento Adobe InDesign Adobe Experience Manager Adobe Media Encoder Adobe Bridge Adobe Illustrator Adobe Animate
CISA Releases One Industrial Control Systems Advisory
Apr 9, 2024
CISA released one Industrial Control Systems (ICS) advisory on April 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-100-01 SUBNET PowerSYSTEM Server and Substation Server CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
Fortinet Releases Security Updates for Multiple Products
Apr 9, 2024
Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: FR-IR-23-345 FortiClientMac - Lack of configuration file validation FG-IR-23-493 FortiOS & FortiProxy - Administrator cookie leakage FG-IR-23-087 FortiClient Linux - Remote Code Execution due to dangerous nodejs configuration
Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways
Apr 4, 2024
Ivanti has released security updates to address vulnerabilities in all supported versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Ivanti advisory and apply the necessary updates: SA:CVE-2024-21894 (Heap Overflow), CVE-2024-22052 (Null Pointer Dereference), CVE-2024-22053 (Heap Overflow) and CVE-2024-22023 (XML entity expansion or XXE) for Ivanti Connect Secure and Ivanti Policy Secure Gateways
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Apr 4, 2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29745 Android Pixel Information Disclosure Vulnerability CVE-2024-29748 Android Pixel Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Releases Two Industrial Control Systems Advisories
Apr 4, 2024
CISA released two Industrial Control Systems (ICS) advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-095-01 Hitachi Energy Asset Suite 9 ICSA-24-095-02 Schweitzer Engineering Laboratories SEL CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
CISA Releases One Industrial Control Systems Advisory
Apr 2, 2024
CISA released one Industrial Control Systems (ICS) advisory on April 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-093-01 IOSIX IO-1020 Micro ELD CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities
Apr 2, 2024
Today, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heighted risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services. Despite their vulnerability to advanced cyber threats, many civil society organizations operate on lean budgets and cannot significantly invest in cybersecurity. CISA’s High-Risk Communities webpage provides resources specifically for civil society organizations, such as: Project Upskill, a suite of cyber hygiene guides designed to arm individuals of high-risk organizations with simple steps to meaningfully improve their cyber hygiene. Cybersecurity Resources for High-Risk Communities, which offers a wide selection of free or steeply discounted tools and services. Cyber Volunteer Resource Center, a repository of cyber volunteer programs across the country that provide free, hands-on cybersecurity support to under-resourced organizations. For more information on the initiative, read Associate Director Clayton Roman’s blog post, JCDC Working and Collaborating to Build Cyber Defense for Civil Society and High-Risk Communities. Visit Joint Cyber Defense Collaborative to learn more about the planning effort that aided in developing these valuable resources.
Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
Mar 29, 2024
CISA and the open source community are responding to reports of malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. This activity was assigned CVE-2024-3094. XZ Utils is data compression software and may be present in Linux distributions. The malicious code may allow unauthorized access to affected systems. CISA recommends developers and users to downgrade XZ Utils to an uncompromised version—such as XZ Utils 5.4.6 Stable—hunt for any malicious activity and report any positive findings to CISA. See the following advisory for more information: Red Hat: Urgent security alert for Fedora 41 and Rawhide users
Cisco Releases Security Updates for Multiple Products
Mar 28, 2024
Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication Cisco Access Point Software Secure Boot Bypass Vulnerability Cisco Access Point Software Denial of Service Vulnerability
Apple Released Security Updates for Safari and macOS
Mar 27, 2024
Apple released security updates to address a vulnerability (CVE-2024-1580) in Safari and macOS. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4.1 macOS Sonoma 14.4.1 macOS Ventura 13.6.6
CISA Releases Four Industrial Control Systems Advisories
Mar 26, 2024
CISA released four Industrial Control Systems (ICS) advisories on March 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 527 ICSA-24-086-03 Rockwell Automation Arena Simulation ICSA-24-086-04 Rockwell Automation FactoryTalk View ME CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
CISA Adds One Known Exploited Vulnerability to Catalog
Mar 26, 2024
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Mar 25, 2024
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities
Mar 25, 2024
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection (SQLi) defects in a managed file transfer application that impacted thousands of organizations. Additionally, the Alert highlights the prevalence of this class of vulnerability. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk. CISA and the FBI urge senior executives at technology manufacturing companies to mount a formal review of their code to determine its susceptibility to SQLi compromises. If found vulnerable, senior executives should ensure their organizations’ software developers begin immediate implementation of mitigations to eliminate this entire class of defect from all current and future software products. For more information on recommended principles and best practices to achieve this goal, visit CISA’s Secure by Design page. To catch up on the publications in this series, visit Secure by Design Alerts.
Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry
Mar 21, 2024
Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for ITSM CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry
CISA Releases One Industrial Control Systems Advisory
Mar 21, 2024
CISA released one Industrial Control Systems (ICS) advisory on March 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-081-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.
CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques
Mar 21, 2024
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. Application, attacks targeting vulnerabilities in specific applications or running services. CISA, FBI, and MS-ISAC urge network defenders and leaders of critical infrastructure organizations to read the guidance provided to defend against this threat. For more actionable recommendations, best practices, and operational insights designed to address common challenges, visit CISA’s Capacity Enhancement Guides for Federal Agencies page.
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity
Mar 19, 2024
Today, CISA, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication include: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) U.S. Department of Treasury Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC) Canadian Centre for Cyber Security (CCCS) a part of the Communications Security Establishment (CSE) United Kingdom’s National Cyber Security Centre (NCSC-UK) New Zealand’s National Cyber Security Centre (NCSC-NZ) The U.S. authoring agencies assess that the PRC-sponsored advanced persistent threat group known as “Volt Typhoon” are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States. The fact sheet warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon and provides guidance on specific actions to prioritize the protection of their organization from this threat activity. CISA and its partners strongly urge critical infrastructure organizations leaders to read the guidance provided in the joint fact sheet to defend against this threat. For more information on Volt Typhoon related activity, see PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. To learn more about secure by design principles and practices, visit Secure by Design.
