Cybersecurity Alerts
Recent Cybersecurity Alerts
CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services
12/17/2024
Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines.
Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government’s effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks.
The new Directive can be found at Binding Operational Directive (BOD) 25-01. To learn more about CISA Directives, visit Cybersecurity Directives webpage.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
12/16/2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability
- CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update
12/16/2024
Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—public comment period begins today and concludes on January 15, 2025.
Since initial publication in 2016, CISA conducted broad and extensive engagement and information exchanges with public and private sector partners, interagency partners, federal Sector Risk Management Agencies (SRMAs), and regulators to build upon the successes of the inaugural NCIRP. The draft NCIRP update describes a national approach to coordinating significant cyber incident detection and response.
The draft update considers the evolution in the cyber threat landscape and lessons learned from historical incidents. The text also addresses the vital role that the private sector, state and local governments (including tribal and territorial), and federal agencies hold in responding to cyber incidents.
CISA is seeking more perspectives to help strengthen the NCIRP and invites stakeholders from across the public and private sectors to share their knowledge and experiences, further informing our findings and contributing to this revision. Public comments may be posted via the Federal Register.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released.
CISA previously added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet.
CISA strongly encourages users and administrators to apply the necessary updates, hunt for any malicious activity, assess potential risk from service providers, report positive findings to CISA, and review the following articles for additional information:
- Fortinet Advisory FG-IR-24-423,
- CISA alert on the Fortinet FortiManager Missing Authentication Vulnerability,
- Google Threat Intelligence article Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575).
This product is provided subject to this Notification and this Privacy & Use policy.
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations.
Leveraging its unique ability to bring together public and private sector partners, JCDC facilitated virtual engagements with over 1,000 federal agency representatives. In close collaboration with CrowdStrike, a JCDC partner, CISA provided critical updates, mitigation guidance, and analysis on the potential for malicious exploitation of the outage. This rapid coordination enabled key information to be quickly disseminated across federal networks, helping to expedite mitigation and protect U.S. government systems.
This successful response underscores JCDC’s essential role in uniting industry and government partners to address cyber challenges that could impact national security and resilience. For more information about JCDC’s efforts, visit the JCDC Success Stories webpage and CISA.gov/JCDC.
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
09/25/2024
CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.
CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability
- CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
- CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
- CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability
- CVE-2020-14644 Oracle WebLogic Server Remote Code Execution Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
09/17/2024
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products.
CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their technical leaders/teams to review past instances of these defects and create a strategic plan to prevent them in the future.
Visit our website to learn more about the principles of Secure by Design, take the Secure by Design Pledge, and stay informed on the latest Secure by Design Alerts.
CISA Releases Analysis of FY23 Risk and Vulnerability Assessments
09/13/2024
CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23).The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs.
The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK®framework.CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.
09/13/2024
CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23).
The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those CISA observed in FY23 RVAs. The infographic highlights the most successful techniques for each tactic that RVAs documented. Both the analysis and infographic map threat actor behavior to the MITRE ATT&CK®framework.
CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques.
Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors, both during and succeeding their deployment of the WhisperGate malware against Ukraine.These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. The authoring agencies encourage organizations to review this advisory for recommended mitigations against such malicious activity.
For additional information on Russian state-sponsored malicious cyber activity and related indictments, see the recent U.S. Department of Justice (DOJ) press release for June 26, 2024, and Sept. 5, 2024, FBI’s Cyber Crime webpage, and CISA’s Russia Cyber Threat Overview and Advisories webpage.
CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
08/28/2024 10:30 AM EDT
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.
FBI investigations conducted as recently as August 2024 assess that cyber actors like Pioneer Kitten are connected with the Government of Iran (GOI) and linked to an Iranian information technology (IT) company. Their malicious cyber operations are aimed at deploying ransomware attacks to obtain and develop network access. These operations aid malicious cyber actors in further collaborating with affiliate actors to continue deploying ransomware.
This advisory highlights similarities to a previous advisory, Iran-Based Threat Actor Exploits VPN Vulnerabilities published on Sept. 15, 2020, and provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in this joint advisory to reduce the likelihood and impact of ransomware incidents. For more information on Iranian state-sponsored threat actor activity, see CISA’s Iran Cyber Threat Overview and Advisories page.
See #StopRansomware along with the updated #StopRansomware Guide for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), CISA, FBI, NSA, and international partners are releasing Best Practices for Event Logging and Threat Detection. This guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats.
The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries (LOLBins) and fileless malware, highlights the importance of implementing and maintaining an effective event logging program.
CISA encourages public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement recommended actions. These actions can help detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.
For more information on LOTL techniques, see joint guidance Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series.
For more information and guidance on event logging and threat detection, see CISA’s Secure Cloud Business Applications (SCuBA) products, network traffic analysis tool Malcom, and Logging Made Easy.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Adobe Releases Security Updates for Multiple Products
08/14/2024 01:00 PM EDT
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:
Microsoft Releases August 2024 Security Updates
08/13/2024 04:00 PM EDT
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
CISA Adds Six Known Exploited Vulnerabilities to Catalog
08/13/2024 03:00 PM EDT
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
- CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability
- CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
- CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
- CVE-2024-38106 Microsoft Windows Kernel Privilege Escalation Vulnerability
- CVE-2024-38107 Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these TTPs and IOCs as recently as July 2024.
BlackSuit ransomware attacks have spread across numerous critical infrastructure sectorsincluding, but not limited to, commercial facilities, healthcare and public health, government facilities, and critical manufacturing.
CISA encourages network defenders to review the updated advisory and apply the recommended mitigations. See #StopRansomware for additional guidance on ransomware protection, detection, and response. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.
CISA encourages software manufacturers to take ownership of improving the security outcomes of their customers by applying secure by design tactics. For more information on secure by design, see CISA’s Secure by Design webpage and joint guide Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability
- CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Note: CISA will update this Alert with more information as it becomes available.
As of 1130am EST July 19, 2024:
CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with Crowdstrike and federal, state, local, tribal and territorial (SLTT) partners, as well as critical infrastructure and international partners to assess impacts and support remediation efforts. CrowdStrike has confirmed the outage:
- Impacts Windows 10 and later systems.
- Does not impact Mac and Linux hosts.
- Is due to the CrowdStrike Falcon content update and not to malicious cyber activity.
According to CrowdStrike, the issue has been identified, isolated and a fix has been deployed. CrowdStrike customer organizations should reference CrowdStrike guidance and their customer portal to resolve the issue.
Of note, CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-23692 Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability
- CVE-2024-38080 Microsoft Windows Hyper-V Privilege Escalation Vulnerability
- CVE-2024-38112 Microsoft Windows MSHTML Platform Spoofing Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system.
Users and administrators are encouraged to review the following bulletin and apply the necessary updates:
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
- CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
- CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability
- CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
- CVE-2024-4358 Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Impersonation scams are on the rise and often use the names and titles of government employees. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret.
If you suspect you are a target of an impersonation scammer claiming to be a CISA employee:
• Do not pay the caller.
• Take note of the phone number calling you.
• Hang up immediately.
• Validate the contact by calling CISA at (844) SAY-CISA (844-729-2472) or report it to law enforcement.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2017-3506 Oracle WebLogic Server OS Command Injection Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Adobe Releases Security Updates for Multiple Products
05/15/2024
Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Users and administrators are encouraged to review the following Adobe Security Bulletins and apply necessary updates:
- Adobe Acrobat and Reader
- Adobe Illustrator
- Substance 3D Painter
- Adobe Aero
- Substance 3D Designer
- Adobe Animate
- Adobe FrameMaker
- Adobe Dreamweaver
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability
- CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Content: Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Users and administrators are encouraged to review the following advisory and apply the necessary updates:
Apple Releases Security Updates for Multiple Products
05/14/2024
Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
Users and administrators are encouraged to review the following advisories and apply necessary updates:
- Safari 17.5
- iOS 17.5 and iPadOS 17.5
- iOS 16.7.8 and iPadOS 16.7.8
- macOS Sonoma 14.5
- macOS Ventura 13.6.7
- macOS Monterey 12.7.5
- watchOS 10.5
- tvOS 17.5
Today, CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) #StopRansomware: Black Basta to provide cybersecurity defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) used by known Black Basta ransomware affiliates and identified through FBI investigations and third-party reporting.
Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.
CISA and partners encourage organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Black Basta and other ransomware incidents. For more information, see StopRansomware.gov and the #StopRansomware Guide.
05/09/2024
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), together with CISA, the Canadian Centre for Cyber Security (CCCS), the United Kingdom’s National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ) are releasing the following guidance: Secure by Design Choosing Secure and Verifiable Technologies. This guidance was crafted to provide organizations with secure by design considerations when procuring digital products and services.
The guidance contains a range of internal and external considerations and offers sample questions to leverage at each stage of the procurement process. Additionally, the guidance informs manufacturers on steps they should be taking to align their development processes to secure by design principles and practices.
CISA and partners encourage all organizations to read the guidance to assist with making secure and informed choices when procuring digital products and services. Software manufacturers are also encouraged to incorporate the secure by design principles and practices found in the guidance. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.
Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who seek to compromise industrial control systems (ICS) and small-scale operational technology (OT) systems in North American and European critical infrastructure sectors, including Water and Wastewater Systems, Dams, Energy, and Food and Agriculture Sectors.
The pro-Russia hacktivist activity appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects. However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments.
CISA and partners encourage OT operators in critical infrastructure sectors to apply the recommendations listed in the fact sheet to defend against this activity. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
(Note: The CVE description below has been updated to address an issue in the initial email.)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2023-7028 GitLab Community and Enterprise Editions Improper Access Control Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.