Cybersecurity Alerts

Recent Cybersecurity Alerts

03/07/2024 

Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).

CISA and NSA encourage all organizations to review the practices and implement the mitigations provided in the joint CSIs to help strengthen their cloud security. For more information on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project and Trusted Internet Connections (TIC) pages.


03/07/2024 

 

Apple released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information.

CISA encourages users and administrators to review the following security releases and apply the necessary updates:


03/06/2024 

 

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


03/05/2024 

 

CISA released three Industrial Control Systems (ICS) advisories on March 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


03/04/2024 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


02/29/2024 

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February 2024.

Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars. CISA, the FBI, and MS-ISAC encourages critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents.

For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.


02/29/2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


02/27/2024

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS). ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector.

CISA, the FBI, and HHS urge network defenders to review the updated joint advisory to protect and detect against malicious activity.

All organizations are encouraged to share information on incidents and anomalous activity to CISA’s 24/7 Operations Center at report@cisa.gov or via our Report page, and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.  For more on ransomware, visit stopransomware.gov.


02/26/2024

CISA, in partnership with UK National Cyber Security Centre (NCSC) and other U.S. and international partners released the joint advisory, SVR Cyber Actors Adapt Tactics for Initial Cloud Access. This advisory provides recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actors—also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard—to gain initial access into a cloud environment.

The authoring agencies encourage network defenders and organizations review the joint advisory for recommended mitigations. For more information on APT29, see joint CSA Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally or visit CISA’s Russia Cyber Threat Overview and Advisories page. For more guidance on cloud security best practices, see CISA’s Secure Cloud Business Applications (SCuBA) Project.


CISA Adds One Known Exploited Vulnerability to Catalog
02/22/2024 12:00 PM EST

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Mozilla Releases Security Updates for Firefox and Thunderbird
02/21/2024 10:15 AM EST

Mozilla released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:


CISA Adds Two Known Exploited Vulnerabilities to Catalog
02/15/2024 05:30 PM EST

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability
  • CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization
02/15/2024 03:00 PM EST

Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedures (TTPs) utilized by a threat actor and methods to protect against similar exploitation.

Following an incident response assessment of a state government organization’s network environment, analysis confirmed compromise through network administrator credentials of a former employee. This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point.

CISA and MS-ISAC encourage network defenders and organizations review the TTPs and implement the mitigations provided in the joint CSA. For more information, visit CISA’s Cross-Sector Cybersecurity Performance Goals.


Adobe Releases Security Updates for Multiple Products
02/13/2024 07:00 AM EST

Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:


CISA Adds One Known Exploited Vulnerability to Catalog
01/31/2024 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2022-48618 Apple Multiple Products Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
01/30/2024 

CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices (CVE-2023-46805 and CVE-2024-21887).

Threat actors are continuing to leverage vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways to capture credentials and/or drop webshells that enable further compromise of enterprise networks. Some threat actors have recently developed workarounds to current mitigations and detection methods and have been able to exploit weaknesses, move laterally, and escalate privileges without detection. CISA is aware of instances in which sophisticated threat actors have subverted the external integrity checker tool (ICT), further minimizing traces of their intrusion.

If an organization has been running Ivanti Connect Secure (9.x and 22.x) and Policy Secure gateways over the last several weeks and/or continues to run these products, CISA recommends continuous threat hunting on any systems connected to—or recently connected to—the Ivanti device. Additionally, organizations should monitor authentication, account usage, and identity management services that could be exposed and isolate the system(s) from any enterprise resources as much as possible.

After applying patches, when these become available, CISA recommends that organizations continue to hunt their network in order to detect any compromise that may have occurred before patches were implemented.

This guidance supplements CISA’s previous guidance for mitigation and detection, which remains applicable. For previous guidance, see CISA Issues Emergency Directive on Ivanti Vulnerabilitiesand Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways.


01/23/2024 12:00 PM EST

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-23222 Apple Multiple Products Type Confusion Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/19/2024 

CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure.

ED 24-01 directs all Federal Civilian Executive Branch (FCEB) agencies running Ivanti Connect Secure and Ivanti Policy Secure to:

  • Implement the mitigations as detailed in the ED.
  • Report indications of compromise to CISA.
  • Remove compromised products from agency networks and follow the ED’s comprehensive instructions for restoring and bringing the products back into service.
  • Apply the updates to the products within 48 hours of Ivanti releasing the updates.
  • Provide CISA with a report that includes:
    • A complete inventory of all instances of Ivanti Connect Secure and Ivanti Policy Secure products on agency networks.
    • Details on actions taken and results.

Although this directive is only for FCEB agencies, CISA strongly encourages all organizations to address the vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure. For additional details, see CISA’s Alert, Ivanti Releases Security Update for Connect Secure and Policy Secure Gateways, which CISA will update with further mitigations and patches as these become available.


01/17/2024 

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
  • CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
  • CVE-2024-0519 Google Chromium V8 Out-of-Bounds Memory Access Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/16/2024

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware.

Androxgh0st malware establishes a botnet for victim identification and exploitation in vulnerable networks, and targets files that contain confidential information, such as credentials, for various high profile applications. Threat actors deploying Androxgh0st malware have been observed exploiting specific vulnerabilities which could lead to remote code execution, including:

In response, CISA is adding these CVEs to its Known Exploited Vulnerabilities Catalog.

CISA and FBI encourage organizations to review and implement the mitigations found in the joint CSA to reduce the likelihood and impact of cybersecurity incidents caused by Androxgh0st malware. For more information, visit CISA’s Malware, Phishing, and Ransomware page.

01/16/2024 

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2018-15133 Laravel Deserialization of Untrusted Data Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/11/2024 

Juniper Networks has released a security advisory to address a vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the Juniper Advisory JSA75752 and apply the necessary updates.


01/11/2024 

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.


01/10/2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-21887 Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
  • CVE-2023-46805 Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/10/2024 

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.

CISA urges users and administrators to immediately apply the current workaround in Ivanti’s security update and review Volexity’s blog on these vulnerabilitiesNote: CISA has added CVE-2023-46805 and CVE-2024-21887 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.


01/10/2024

Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software. A cyber threat actor could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the FG-IR-23-315 FortiOS & FortiProxy – Improper authorization for HA requests security bulletin and apply necessary updates.


01/10/2024

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-29357 Microsoft SharePoint Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/03/2024 

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability
  • CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


01/02/2024 

Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper advisory JSA75636 and apply the necessary updates.


12/20/2023 

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:


12/20/2023 11:00 AM EST

Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information.

CISA encourages users and administrators to review Apple security releases and apply necessary updates.


12/18/2023 

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023.

Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data, and have impacted a wide range of businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.

FBI, CISA, and the ASD’s ACSC encourage organizations review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.


12/15/2023 

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series.

This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of the joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software:

  • Take ownership of customer security outcomes.
  • Build organizational structure and leadership to achieve these goals.

By implementing these two principles in their design, development, and delivery processes, software manufactures will prevent exploitation of static default passwords in their customers’ systems. CISA urges technology manufacturers to read and implement the guidance in this second SbD Alert in our new series that focuses on how vendor decisions can reduce harm at a global scale.


CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793
12/13/2023 

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally.

Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains TeamCity software that ultimately enabled them to bypass authorization and conduct arbitrary code execution on the compromised server. The joint CSA provides information on the SVR’s most recent compromise, actionable indicators of compromise (IOCs), and SIGMA and YARA rules.

The authoring agencies encourage network defenders and organizations review the joint CSA for recommended mitigations and rules. For more information on affiliated advanced persistent threats, see CISA’s Advanced Persistent Threats and Nation-State Actors and Russia Cyber Threat Overview and Advisories webpages. For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals.


Microsoft Releases Security Updates for Multiple Products
12/12/2023

Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s December Security Update Guide and apply the necessary updates.


The Apache Software Foundation Updates Struts 2
12/12/2023 

The Apache Software Foundation has released security updates to address a vulnerability (CVE-2023-50164) in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater.


Adobe Releases Security Updates for Multiple Products
12/12/2023

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:


Apple Releases Security Updates for Multiple Products
12/12/2023

Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


CISA Adds One Known Exploited Vulnerability to Catalog
12/12/2023

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-6448 Unitronics Vision PLC and HMI Insecure Default Password

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

12/07/2023

Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:

  • Impersonating known contacts’ email accounts,
  • Creating fake social media profiles,
  • Using webmail addresses from providers such as Outlook, Gmail and others, and
  • Creating malicious domains that resemble legitimate organizations.

CISA encourages network defenders and critical infrastructure organizations review the CSA to improve their cybersecurity posture and protect against similar exploitation based on threat actor activity. CISA also urges software manufacturers to incorporate secure-by-design and -default principles into their software development practices, limiting the impact of threat actor activity.

For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals. For more information on secure by design, see CISA’s Secure by Design webpage.


Apple Releases Security Updates for Multiple Products
12/01/2023

Apple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:


11/21/2023 

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: LockBit Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability (along with an accompanying analysis report MAR-10478915-1.v1 Citrix Bleed), in response to LockBit 3.0 ransomware affiliates and multiple threat actor groups exploiting CVE-2023-4966. Labeled Citrix Bleed, the vulnerability affects Citrix’s NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.

Historically, LockBit affiliates have conducted attacks against organizations of varying sizes across multiple critical infrastructure sectors—including education, energy, financial services, food and agriculture, government and emergency services, healthcare, manufacturing, and transportation. The joint CSA provides tactics, techniques, and procedures (TTPs), as well as indicators of compromise (IOCs).

If compromise is detected, the authoring organizations encourage network defenders hunt for malicious activity on their networks using the detection methods and IOCs provided within the CSA and apply the incident response recommendations. Additionally, immediate application of publicly available patches is also recommended. For more information, visit StopRansomware and see the updated #StopRansomware Guide.


11/16/2023 1

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on Scattered Spider—a cybercriminal group targeting commercial facilities sectors and subsectors. The advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023.

Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs.

FBI and CISA encourage network defenders and critical infrastructure organizations to review the joint CSA for recommended mitigations to reduce the likelihood and impact of a cyberattack by Scattered Spider actors. For more information, visit StopRansomware and see the updated #StopRansomware Guide.


11/14/2023 

VMware has released a security advisory addressing a vulnerability in VMWare Cloud Director Appliance. Cyber threat actors may exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the following VMware security advisory and apply the recommended updates:


11/14/2023

Fortinet has released security advisories addressing vulnerabilities in FortiClient and FortiGate. Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Fortinet security advisories and apply the recommended updates:


11/14/2023

Adobe has released security updates to address vulnerabilities affecting multiple Adobe products. A cyber threat actor could exploit some of these vulnerabilities to take control of affected system.

CISA encourages users and administrators to review the following advisories and apply the necessary updates.


Microsoft Releases October 2023 Security Updates

11/14/2023 

Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s November 2023 Security Update Guide and apply the necessary updates.


11/14/2023 

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-36033 Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
  • CVE-2023-36025 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
  • CVE-2023-36036 Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See theBOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


11/13/2023 

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-47246 SysAid Server Path Traversal Vulnerability
  • CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36845 Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability
  • CVE-2023-36846 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36847 Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
  • CVE-2023-36851 Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


10/27/2023 

Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

10/25/2023

Mozilla has released security updates to address vulnerabilities in Firefox ESR 115.4 and Firefox 119. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla security advisories Firefox ESR 115.4 and Firefox 119 for more information and apply the necessary updates.


10/20/2023 

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released.

First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination and describes how federal government, private sector, and state, local, tribal, territorial (SLTT) government entities will organize to manage, respond to, and mitigate the consequences of significant cyber incidents.

NCIRP 2024 will address changes to the cyber threat landscape and in the nation’s cyber defense ecosystem by incorporating principles grounded in four main areas:

  • Unification
  • Shared Responsibility
  • Learning from the Past
  • Keeping Pace with Evolutions in Cybersecurity

CISA encourages all organizations to read the fact sheet and visit CISA‘s NCIRP webpage to learn about this long-term effort and stay updated on the development of the NCIRP 2024.


10/19/2023 

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights.

Developed through the U.S. Joint Ransomware Task Force (JRTF), #StopRansomware Guide is designed to be a one-stop resource to help organizations minimize the risks posed by ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.

CISA and its partners encourage organizations to implement the recommendations in the guide to reduce the likelihood and impact of ransomware incidents. For more information, visit CISA’s Stop Ransomware page.


10/18/2023 

Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.

CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Defaultwebpages.


CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515
10/16/2023 

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances by creating unauthorized Confluence administrator accounts.

CISA strongly encourages upgrading to a fixed version or taking servers offline to apply necessary updates. For upgrade instructions, a complete list of affected product versions, and indicators of compromise, see Atlassian’s security advisory.


10/16/2023 

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device.

CISA encourages users and administrators to review the Cisco security advisory, apply the necessary recommendations, hunt for any malicious activity and report any positive findings to CISA, and apply patches when made available.

See the following for additional guidance and resources:


10/10/2023 

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2023 Security Update Guide and apply the necessary updates.


10/10/2023 

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

  • CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability
  • CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
  • CVE-2023-41763 Microsoft Skype for Business Privilege Escalation Vulnerability
  • CVE-2023-36563 Microsoft WordPad Information Disclosure Vulnerability
  • CVE-2023-44487 HTTP/2 Rapid Reset Attack Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


10/10/2023

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system.

CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates:

10/06/2023

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 and iPadOS 17.0.3.


Sept. 19, 2023

Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise.

BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets.

CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.


CISA Adds One Known Exploited Vulnerability to Catalog
Sept. 19, 2023

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Sept. 18, 2023

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability
  • CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability
  • CVE-2017-6884 Zyxel EMG2926 Routers Command Injection Vulnerability
  • CVE-2021-3129 Laravel Ignition File Upload Vulnerability
  • CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
  • CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
  • CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
  • CVE-2022-31463 Owl Labs Meeting Owl Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Sept. 12, 2023

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guide and apply the necessary updates.


Sept. 12, 2023

Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device.
CISA encourages users and administrators to review the following advisories and apply the necessary updates.


Sept. 12, 2023

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-36761 Microsoft Word Information Disclosure Vulnerability
  • CVE-2023-36802 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.


Sept. 12, 2023

Adobe has released security updates to address vulnerabilities affecting Adobe software. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.


Sept. 7, 2023

Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of service condition.

CISA encourages users and administrators to review the following advisories and apply the necessary updates.


CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Sept. 6, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway—contains victim information gathered in August 2023. Since July 2023, the Joint Cyber Defense Collaborative (JCDC) has facilitated continuous, real-time threat information sharing with and between partners on post-exploitation activity of CVE-2023-3519. JCDC consolidated and shared detection methods, threat actor tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) received from industry and international partners. The updated CSA contains new TTPs as well as IOCs received from some of these partners and an additional victim.

CISA strongly urges all critical infrastructure organizations to review the advisory and follow the mitigation recommendations—such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.


VMware Releases Security Update for Tools
Sept. 1, 2023

VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0019 and apply the necessary update.