Archive: 2022 Cybersecurity Alerts

CISA Adds Two Known Exploited Vulnerabilities to Catalog
December 29, 2022

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Samba Releases Security Updates
December 16, 2022

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Samba security announcements and apply the necessary updates.

• CVE-2022-38023
• CVE-2022-37966
• CVE-2022-37967
• CVE-2022-45141

VMware Releases Security Updates for Multiple Products
December 13, 2022

VVMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisories VMSA-2022-0031, VMSA-2022-0033, and apply the necessary updates.

Apple Releases Security Updates for Multiple Products
December 13, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:

• iCloud for Windows 14.1
• Safari 16.2
• macOS Monterey 12.6.2
• macOS Big Sur 11.7.2
• tvOS 16.2
• watchOS 9.2
• iOS 15.7.2 and iPadOS 15.7.2
• iOS 16.2 and iPadOS 16.2
• macOS Ventura 13.1

CISA Adds Five Known Exploited Vulnerabilities to Catalog
December 13, 2022

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose a significant risk to the federal enterprise. Note: To view newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Microsoft Releases December 2022 Security Updates
December 13, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing
December 13, 2022

Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI), published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing. The guidance builds upon ESF’s Potential Threat Vectors to 5G Infrastructure, published in 2021.

CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended mitigations. For additional 5G guidance, visit CISA.gov/5G-library.

CISA Updates Advisory on #StopRansomware: Cuba Ransomware
December 13, 2022

The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs).

CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations.

Mozilla Releases Security Updates for Thunderbird and Firefox
December 13, 2022

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates.

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
December 13, 2022

Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.

CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog postfor more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems.

Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
December 9, 2022

Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability and apply the necessary updates.

CISA Adds One Known Exploited Vulnerability to Catalog
December 5, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilitiesestablished the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Cisco Releases Security Updates for Identity Services Engine
November 16, 2022

Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco Identity Services Engine Insufficient Access Control Vulnerability

Mozilla Releases Security Updates for Multiple Products
November 16, 2022

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks.

CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates.

CISA Releases One Industrial Control Systems Advisory
November 15, 2022

CISA released one Industrial Control Systems (ICS) advisory on November 15, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

• ICSA-22-319-01 Mitsubishi Electric GT SoftGOT2000

CISA Has Added One Known Exploited Vulnerability to Catalog   
November 14, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Cisco Releases Security Updates for Multiple Products
November 10, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Client Denial of Service Vulnerability cisco-sa-ssl-client-dos-cCrQPkA
• Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability cisco-sa-fw3100-secure-boot-5M8mUh26
• Cisco Firepower Threat Defense Software Generic Routing Encapsulation Denial of Service Vulnerability cisco-sa-ftd-gre-dos-hmedHQPM
• Cisco FirePOWER Software for ASA FirePOWER Module, Firepower Management Center Software, and NGIPS Software SNMP Default Credential Vulnerability cisco-sa-fmcsfr-snmp-access-6gqgtJ4S
• Cisco Firepower Management Center and Firepower Threat Defense Software SSH Denial of Service Vulnerability cisco-sa-fmc-dos-OwEunWJN
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Denial of Service Vulnerability cisco-sa-asaftd-snmp-dos-qsqBNM6x
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Dynamic Access Policies Denial of Service Vulnerability cisco-sa-asa-ftd-dap-dos-GhYZBxDU

Citrix Releases Security Updates for ADC and Gateway
November 9, 2022

Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates.

VMware Releases Security Updates
November 9, 2022

VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates and workarounds.

Citrix Releases Security Updates for ADC and Gateway
November 9, 2022

Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the necessary updates.

Microsoft Releases November 2022 Security Updates
November 9, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates.

CISA Adds Seven Known Exploited Vulnerabilities to Catalog
November 8, 2022

CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Cisco Releases Security Updates for Multiple Products
November 3, 2022

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the advisories and apply the necessary updates.

Apple Releases Security Update for Xcode
November 3, 2022

Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the necessary update.

CISA Releases Three Industrial Control Systems Advisories
November 3, 2022

CISA has released three (3) Industrial Control Systems (ICS) advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

•    ICSA-22-307-01 ETIC RAS
•    ICSA-22-307-02 Nokia ASIK 5G AirScale System Module
•    ICSA-22-307-03 Delta Industrial Automation DIALink

OpenSSL Releases Security Update
November 1, 2022

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6.

Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, “can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution,” allowing them to take control of an affected system.

CISA encourages users and administrators to review the OpenSSL advisory, blog, OpenSSL 3.0.7 announcement, and upgrade to OpenSSL 3.0.7. For additional information on affected products, see the 2022 OpenSSL vulnerability – CVE-2022-3602 GitHub repository, jointly maintained by the Netherland’s National Cyber Security Centrum (NCSC-NL) and CISA.

CISA Upgrades to TLP 2.0
November 1, 2022

Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023.

Key TLP 2.0 updates:

• TLP 2.0 changes TLP:WHITE to TLP:CLEAR.
• TLP 2.0 adds the designation TLP:AMBER+STRICT, which instructs the recipient to keep the information strictly within their organization only.

Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.

CISA encourage all individuals and organizations in the cybersecurity community to adopt TLP 2.0. For more information, see CISA’s TLP webpage, www.cisa.gov/tlp and FIRST’s TLP webpage, https://www.first.org/tlp/.

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
October 31, 2022

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement phishing-resistant MFA, CISA recommends using number matching to mitigate MFA fatigue. Although number matching is not as strong as phishing-resistant MFA, it is one of best interim mitigation for organizations who may not immediately be able to implement phishing-resistant MFA.

CISA recommends users and organizations see CISA fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications. Visit CISA.gov/MFA for more information on MFA, including an infographic of the hierarchy of MFA options.

CISA Has Added One Known Exploited Vulnerability to Catalog
October 28, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

VMware Releases Security Updates
October 28, 2022

VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
October 28, 2022

October 26, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:

•    Safari 16.1
•    iOS 16.1 and iPadOS 16
•    macOS Big Sur 11.7.1
•    macOS Monterey 12.6.1
•    macOS Ventura 13
•    tvOS 16.1
•    watchOS 9.1

FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections
October 7, 2022

The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:

• Describes methods that foreign actors use to spread and amplify false information—including reports of alleged malicious cyber activity—in attempts to undermine trust in election infrastructure.
• Confirms “the FBI and CISA have no information suggesting any cyber activity against U.S. election infrastructure has impacted the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast.”

The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations to assist the public in understanding how to find trustworthy sources of election-related information.

Adobe Releases Security Updates for Multiple Products
August 9, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

• Adobe Commerce APSB22-38
• Acrobat and Reader APSB22-39
• Illustrator APSB22-41
• FrameMaker APSB22-42
• Premiere Elements APSB22-43

Microsoft Releases August 2022 Security Updates
August 9, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s August 2022 Security Update Guide and Deployment Information and apply the necessary updates.

VMware Releases Security Updates
August 9, 2022

VMware has released security updates to address multiple vulnerabilities in vRealize Operations. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0022 and apply the necessary updates.

CISA Adds One Known Exploited Vulnerability to Catalog
August 4, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Cisco Releases Security Updates for RV Series Routers
August 4, 2022

Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. 

CISA encourages users and administrators to review Cisco advisory cisco-sa-sb-mult-vuln-CbVp4SUR and apply the necessary updates.

July 22, 2022

Apple has released security updates to address vulnerabilities in multiple products. These updates address vulnerabilities attackers could exploit to take control of affected systems.

CISA encourages users and administrators to review the Apple security updates and apply necessary releases

Cisco Releases Security Updates for Multiple Products
July 22, 2022

Cisco has released security updates to address vulnerabilities in multiple products. Some of these vulnerabilities could allow a remote attacker to execute take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the Cisco advisories and apply the necessary updates.

Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138
July 22, 2022

Atlassian has released a security advisory to address a vulnerability (CVE-2022-26138) affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild.

CISA encourages users and administrators to review Atlassian’s security advisory, Questions For Confluence Security Advisory 2022-07-20, and apply the necessary updates immediately.

Google Releases Security Updates for Chrome
July 21, 2022

Google has released Chrome version 103.0.5060.134  for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Drupal Releases Security Update 
July 21, 2022

Drupal has released security updates to address vulnerabilities affecting Drupal 9.3 and 9.4. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal security advisory SA-CORE-2022-015 and apply the necessary update.

Oracle Releases July 2022 Critical Patch Update
July 21, 2022 (Updated from July 20, 2022)

Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle July 2022 Critical Patch Update and apply the necessary updates.

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker
July 19, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning system tracker. These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.

CISA encourages users and technicians to review ICS Advisory ICSA-22-200-01: MiCODUS MV720 GPS Tracker for technical details and mitigations and the Bitsight Report: Critical Vulnerabilities in Widely Used Vehicle GPS Tracker for additional information.

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems
July 18, 2022

CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report (MAR)-10382580-2.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See the joint advisory for more information and additional recommendations.

Juniper Networks Releases Security Updates for Multiple Products
July 14, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Microsoft Releases July 2022 Security Updates
July 12, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s July 2022 Security Update and Deployment Information and apply the necessary updates.

SAP Releases July 2022 Security Updates
July 12, 2022

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review SAP Security Patch Day – July 2022 and apply the necessary updates.

Citrix Releases Security Updates for Hypervisor
July 12, 2022

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Updates CTX461397 and apply the necessary updates.

CISA Adds One Known Exploited Vulnerability to Catalog 
July 12, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

FYI: North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
July 6, 2022

CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA), North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector, to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

CISA, FBI and Treasury urge network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

• Train users to recognize and report phishing attempts.
• Enable and enforce multifactor authentication.
• Install and regularly update antivirus and antimalware software on all hosts.

See North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector for Maui ransomware tactics, techniques, and procedures, indicators of compromise, and recommended mitigations. Additionally, review StopRansomware.gov for more guidance on ransomware protection, detection, and response.

For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.

OpenSSL Releases Security Update
July 6, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version.

Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats
July 5, 2022

The National Institute of Standards and Technology (NIST) has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks. Note: the term “post-quantum cryptography” is often referred to as “quantum-resistant cryptography” and includes, “cryptographic algorithms or methods that are assessed not to be specifically vulnerable to attack by either a CRQC [cryptanalytically relevant quantum computer] or classical computer.” (See the National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems for more information).

Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following the Post-Quantum Cryptography Roadmap, which includes:

• Inventorying your organization’s systems for applications that use public-key cryptography.
• Testing the new post-quantum cryptographic standard in a lab environment; however, organizations should wait until the official release to implement the new standard in a production environment.
• Creating a plan for transitioning your organization’s systems to the new cryptographic standard that includes:
  • Performing an interdependence analysis, which should reveal issues that may impact the order of systems transition;
  • Decommissioning old technology that will become unsupported upon publication of the new standard; and
  • Ensuring validation and testing of products that incorporate the new standard.
• Creating acquisition policies regarding post-quantum cryptography. This process should include:
  • Setting new service levels for the transition.
  • Surveying vendors to determine possible integration into your organization’s roadmap and to identify needed foundational technologies.
• Alerting your organization’s IT departments and vendors about the upcoming transition.
• Educating your organization’s workforce about the upcoming transition and providing any applicable training.

For additional guidance and background, CISA and NIST strongly encourage users and administrators to review:

• NIST press release, NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.
• The NIST and Post-Quantum Cryptography, Post-Quantum Cryptography Standardization, and Migration to Post-Quantum Cryptography websites.

Google Releases Security Update for Chrome
July 5, 2022

Google has released Chrome version 103.0.5060.114 for Windows. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

CISA Adds One Known Exploited Vulnerability to Catalog
July 1, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Note: CISA previously added and then removed today’s addition, CVE-2022-26925, to the KEV Catalog after determining that remediations associated with this vulnerability would break certificate authentication for many federal agencies. Details:

• CVE-2022-26925 was mitigated by Microsoft’s June 2022 Patch Tuesday update.
• The Microsoft update also includes remediations for CVE-2022-26923 and CVE-2022-26931, which change the way certificates are mapped to accounts in Active Directory. These changes break certificate authentication for many federal agencies.
• For this reason, CISA has also published a Knowledge Article that provides critical steps that must be followed to prevent service outages. Agencies should review this Knowledge Article carefully before beginning the mitigation process.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

#StopRansomware: MedusaLocker
June 30, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note: this joint #StopRansomware CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

CISA, FBI, Treasury and FinCEN encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

• Prioritize remediating known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Enable and enforce multifactor authentication.

See #StopRansomware: MedusaLocker to learn about MedusaLocker actors’ tactics, techniques, and procedures and the recommended mitigations. Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
June 29, 2022

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird 91.11 and 102 and apply the necessary updates.

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
June 28, 2022

CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.

CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth. For more information, CISA recommends reviewing Microsoft’s Deprecation of Basic Authentication in Exchange Online documentation and the associated Exchange Team blog post, Basic Authentication Deprecation in Exchange Online.

2022 CWE Top 25 Most Dangerous Software Weaknesses
June 28, 2022

The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list also incorporates updated weakness data for recent Common Vulnerabilities and Exposure records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog.

CISA encourages users and administrators to review the 2022 CWE Top 25 Most Dangerous Software Weaknesses and evaluate recommended mitigations to determine those most suitable to adopt.

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
June 23, 2022

CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See joint CSA Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems for more information and additional recommendations.

CISA Releases Cloud Security Technical Reference Architecture
June 23, 2022

CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management as it fulfills a key mandate in delivering on Executive Order 14028, Improving the Nation’s Cybersecurity.

CISA encourages federal program and project managers involved in cloud migration to review and implement the CS TRA.

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
June 22, 2022

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography or broken authentication schemes, insecure firmware updates and remote code execution via native functionality.

CISA has released five corresponding Industrial Controls Systems Advisories (ICSAs) currently to provide notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.

CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.

• ICSA-22-172-02 : JTEKT TOYOPUC
• ICSA-22-172-03 : Phoenix Contact Classic Line Controllers
• ICSA-22-172-04 : Phoenix Contact ProConOS and MULTIPROG
• ICSA-22-172-05 : Phoenix Contact Classic Line Industrial Controllers
• ICSA-22-172-06 : Siemens WinCC OA

Google Releases Security Updates for Chrome
June 22, 2022

Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

Keeping PowerShell: Measures to Use and Embrace
June 22, 2022

Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell. The CIS provides recommendations for proper configuration and monitoring of PowerShell, as opposed to removing or disabling it entirely due to its use by malicious actors after gaining access into victim networks. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.

CISA urges organizations to review Keeping PowerShell: Measures to Use and Embrace and take actions to strengthen their defenses against malicious cyber activity.

Cisco Releases Security Updates for Multiple Products
June 16, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability cisco-sa-sma-esa-auth-bypass-66kEcxQD
• Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability cisco-sa-sb-rv-overflow-s2r82P9v
• Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability cisco-sa-esasma-info-dsc-Q9tLuOvM

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case
June 16, 2022

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments, focusing on cloud deployments for Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and Email-as-a-Service. This is the last of the Initial Common Trusted Internet Connections Use Cases outlined in OMB Memorandum M-19-26.

CISA encourages federal government stakeholders to review Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case and share it broadly within their networks.

Citrix Releases Security Updates for Application Delivery Management
June 14, 2022

Citrix has released security updates to address vulnerabilities in Application Delivery Management. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX460016 and apply the necessary updates.

Adobe Releases Security Updates for Multiple Products
June 14, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

• Animate APSB22-24
• Bridge APSB22-25
• Illustrator APSB22-26
• InCopy APSB22-29
• InDesign APSB22-30
• RoboHelp Server APSB22-31

CISA Adds One Known Exploited Vulnerability to Catalog 
June 14, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

SAP Releases June 2022 Security Updates
June 14, 2022

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review SAP Security Patch Day – June 2022 and apply the necessary updates.

Microsoft Releases June 2022 Security Updates
June 14, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates.

Drupal Releases Security Updates
June 13, 2022

Drupal has released security updates to address a Guzzle third-party library vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.

CISA encourages users and administrators to review Drupal security advisory SA-CORE-011 and apply the necessary updates.

Google Releases Security Updates for Chrome
June 10, 2022

Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

CISA Adds Three Known Exploited Vulnerabilities to Catalog  
June 9, 2022

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria

CISA Adds 36 Known Exploited Vulnerabilities to Catalog 
June 8, 2022

CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
June 7, 2022

CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) to provide information on ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure across public and private sector organizations. The advisory details PRC state-sponsored targeting and compromise of major telecommunications companies and network service providers. It also provides information on the top vulnerabilities associated with network devices routinely exploited by PRC cyber actors since 2020.

CISA, NSA, and the FBI encourage organizations to review People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices to learn about PRC tactics, techniques, and procedures and to apply the recommended mitigations.

CISA Provides Criteria and Process for Updates to the KEV Catalog
June 7, 2022

CISA has updated the Known Exploited Vulnerabilities (KEV) catalog webpage as well as the FAQs for Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which established the KEV catalog. The updates provide information on the criteria and process used to add known exploited vulnerabilities to the KEV catalog.

Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl
June 7, 2022

Owl Labs has released security updates to address a vulnerability (CVE-2022-31460) in Meeting Owl Pro and Whiteboard Owl. An attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review the Owl Labs security advisories for Meeting Owl Pro and Whiteboard Owl and update to Version 5.4.1.4.

CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X
June 3, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot.

Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in ICSA-22-154A, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities.

While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.

Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134
June 2, 2022

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian’s Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.

CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog  
June 2, 2022

CISA has added one new vulnerability—CVE-2022-26134—to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

There are currently no updates available. Atlassian is working to issue an update. Per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products until an update is available and successfully applied.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities
June 2, 2022

CISA has updated Cybersecurity Advisory AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, originally released May 18, 2022. The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures reported by trusted third parties.

CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
June 1, 2022

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 101, Firefox ESR 91.10, and Thunderbird 91.10 and apply the necessary updates.

Karakurt Data Extortion Group
June 1, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

CISA, the FBI, Treasury, and FinCEN encourage organizations to review Karakurt Data Extortion Group to learn about Karakurt’s tactics, techniques, and procedures and to apply the recommended mitigations.

Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability
May 31, 2022

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the wild.

CISA urges users and administrators to review Microsoft’s Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround.

CISA Releases Secure Tomorrow Series Toolkit
May 31, 2022

The Secure Tomorrow Series Toolkit is a diverse array of interactive and thought-provoking products uniquely designed to assist stakeholders across the critical infrastructure community to self-facilitate and conduct strategic foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and develop risk management strategies that, if taken today, could enhance long-term critical infrastructure security and resilience to implement now.

Central to the Secure Tomorrow Series effort is the selection of topics that are likely to have highly disruptive impact across multiple National Critical Functions. To this end, the National Risk Management Center worked with subject matter experts from academia, think tanks, the private sector, and the National Labs to help build and refine the knowledge base that underlies the Toolkit activities. This iteration of the Toolkit focuses on three topic areas: (1) anonymity and privacy, (2) trust and social cohesion, and (3) data storage and transmission.

These free voluntary resources are available to stakeholders in every critical infrastructure sector. More specifically, the Toolkit will assist users in identifying and examining risk mitigation strategies, managing uncertainty and encouraging strategic foresight methods in their long-term planning.

TOOLKIT ACTIVITIES

The Toolkit provide a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning. Specifically, it contains game templates; facilitator, player, and controller guides; read-ahead materials, and other materials needed for users to self-facilitate four different activities:

• Scenarios workshop: Participants explore four different future scenarios (Life Under a Microscope, A Fragmented World, Deep Disinformation, and A New Wave of Cooperation), and identify a set of strategies that would most effectively mitigate risk across all the scenarios.
• Threat timelines activity: Players generate fictional news headlines that describe future security threats to a particular technology or system. Through these headlines, players think about plausible futures, reflect on potential threats to critical infrastructure security and resilience; and identify corresponding mitigating actions that can be put into motion today.
• Matrix games: Players tackle incidents and trends that could negatively affect the U.S. in the future and debate strategies to mitigate accompanying risks to critical infrastructure security and resilience.
• Cross-impacts sessions: Participants brainstorm ideas on how key risk drivers to the three topics might affect different NCFs.

By downloading the Toolkit, users will learn how to conduct foresight activities that will enable them to derive actionable insights about the future, identify emerging risks, and proactively develop corresponding risk management strategies they can implement now.

Read More Here

Google Releases Security Updates for Chrome
May 25, 2022

Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

Citrix Releases Security Updates for ADC and Gateway
May 26, 2022

Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.

CISA and DoD Release 5G Security Evaluation Process Investigation Study
May 26, 2022

CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum.

The study provides an overview of the proposed 5G Security Evaluation Process and applies the process to a private 5G network use case to demonstrate considerations for each step within the overarching process. The study is a joint effort among CISA, the Department of Homeland Security’s Science and Technology Directorate, and DoD’s Under Secretary of Defense for Research and Engineering.

The proposed process detailed in the study can support government agency activities during the Risk Management Framework system-level “Prepare” step for 5G-enabled systems; and federal program and project managers should use the study’s repeatable methodology in their required evaluations. CISA encourages federal program and project managers involved in 5G implementation to review the blog post by CISA Executive Assistant Director Eric Goldstein, CISA, DHS S&T, DOD Introduce Results of an Assessment into the 5G Security Evaluation Process, which links to the study.

Drupal Releases Security Updates
May 26, 2022

Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website.

CISA encourages users and administrators to review Drupal security advisory SA-CORE-010 and apply the necessary updates.

CISA Adds 34 Known Exploited Vulnerabilities to Catalog
May 25, 2022

CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

CISA Adds 20 Known Exploited Vulnerabilities to Catalog
May 24, 2022

CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the of the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

Mozilla Releases Security Products for Multiple Firefox Products
May 23, 2022

Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.

ISC Releases Security Advisory for BIND
May 19, 2022

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the ISC advisory for CVE-2022-1183 and apply the necessary update.

CISA Releases Analysis of FY21 Risk and Vulnerability Assessments
May 19, 2022

CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21).

The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY21 RVAs. The infographic highlights the three most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework.

CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques. For information on CISA RVAs and additional services, visit the CISA Cyber Resource Hub.

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities
May 18, 2022

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to active exploitation of CVE-2022-22954 and CVE-2022-22960.  Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022.

ED 22-03 directs all Federal Civilian Executive Branch agencies to enumerate all instances of affected VMware products and either deploy updates provided in VMware Security Advisory VMSA-2022-0014, released May 18, 2022, or remove those instances from agency networks.

CISA strongly encourages all organizations to deploy updates provided in VMware Security Advisory VMSA-2022-0014 or remove those instances from networks. CISA also encourages organizations with affected VMware products that are accessible from the internet to assume compromise and initiate threat hunting activities using the detection methods provided in the CSA. If potential compromise is detected, administrators should apply the incident response recommendations included in the CSA.

Threat Actors Exploiting F5 BIG IP CVE-2022-1388
May 18, 2022

CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.

CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds.

Apple Releases Security Updates for Multiple Products
May 17, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited. CVE-2022-22675 affects watchOS, tvOS, and macOS Big Sur.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

• watchOS 8.6
• tvOS 15.3
• macOS Catalina
• macOS Big Sur 11.6.6
• macOS Monterey 12.4
• iOS 15.5 and iPad OS 15.5
• Xcode 13.4

Weak Security Controls and Practices Routinely Exploited for Initial Access
May 17, 2022

The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory (CSA) on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise networks. While these poor practices may be common, organizations can apply basic practices, such as the following, to help protect their systems:

• Control access.
• Harden credentials.
• Establish centralized log management.
• Use antivirus solutions.
• Employ detection tools.
• Operate services exposed on internet-accessible hosts with secure configurations.
• Keep software updated.

Apache Releases Security Advisory for Tomcat
May 16, 2022

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates.

CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog
May 13, 2022

CISA is temporarily removing CVE-2022-26925 from its Known Exploited Vulnerability Catalog due to a risk of authentication failures when the May 10, 2022 Microsoft rollup update is applied to domain controllers. After installing May 10, 2022 rollup update on domain controllers, organizations might experience authentication failures on the server or client for services, such as Network Policy Server (NPS), Routing and Remote access Service (RRAS), Radius, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP). Microsoft notified CISA of this issue, which is related to how the mapping of certificates to machine accounts is being handled by the domain controller.

For more information see the Microsoft Knowledge Base article, KB5014754—Certificate-based authentication changes on Windows domain controllers: Key Distribution Center registry key.

Note: installation of updates released May 10, 2022, on client Windows devices and non-domain controller Windows Servers will not cause this issue and is still strongly encouraged. This issue only affects May 10, 2022 updates installed on servers used as domain controllers. Organizations should continue to apply updates to client Windows devices and non-domain controller Windows Servers.

Adobe Releases Security Updates for Multiple Products
May 12, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

•    Character Animator APSB22-21
•    ColdFusion APSB22-22
•    InDesign APSB22-23
•    Framemaker APSB22-27
•    InCopy APSB22-28