Current Activity

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment.

The six principles outlined in this guide are intended to aid organizations in identifying how business decisions may adversely impact the cybersecurity of OT and the specific risks associated with those decisions. Filtering decisions that impact the security of OT will enhance the comprehensive decision-making that promotes security and business continuity.

CISA encourages critical infrastructure organizations review the best practices and implement recommended actions which can help ensure the proper cybersecurity controls are in place to reduce residual risk in OT decisions.

For more information on OT cybersecurity, review our Industrial Control Systems page and the Joint Cybersecurity Advisory Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems to help critical infrastructure organizations manage and enhance their OT cybersecurity.

CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch
• ICSA-24-275-02 Mitsubishi Electric MELSEC iQ-F FX5-OPC

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities in their systems, and engaging the public security researcher community.

Public security researchers play a vital role in securing our federal government's networks. As part of CISA's persistent and ongoing collaboration with the public security researcher community, CISA issued Binding Operational Directive (BOD) 20-01 in 2020, which requires every FCEB agency to establish a VDP. These VDPs follow industry and community best practices, including giving authorization to participating public security researchers and committing to not pursue legal action for good-faith research. 

CISA's VDP Platform complements BOD 20-01 by giving FCEB agencies an easy way to establish a VDP and to engage with public security researchers. CISA appreciates the contributions by thousands of public security researchers to date and looks forward to continuing to further broaden this collaboration in the future.

To learn more about the VDP Platform, please visit the Vulnerability Disclosure Policy (VDP) Platform webpage and view the VDP 101 video on CISA’s YouTube channel.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability
• CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
• CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability
• CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the following and apply the necessary updates: 

• September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

CISA released five Industrial Control Systems (ICS) advisories on September 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-270-01 Advantech ADAM-5550
• ICSA-24-270-02 Advantech ADAM-5630
• ICSA-24-270-03 Atelmo Atemio AM 520 HD Full HD Satellite Receiver
• ICSA-24-270-04 goTenna Pro X and Pro X2
• ICSA-24-270-05 goTenna Pro ATAK Plugin

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory.

Active Directory is the most widely used authentication and authorization solution in enterprise information technology (IT) networks globally. Malicious actors routinely target Active Directory as part of efforts to compromise enterprise IT networks by escalating privileges and targeting the highest confidential user objects.  

Responding to and recovering from malicious activity involving Active Directory can be consuming, costly, and disruptive. CISA encourages organizations review the guidance and implement the recommended mitigations to improve Active Directory security.

To learn more about taking a top-down approach to developing secure products, visit CISA’s Secure by Design webpage. 

Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit some of these vulnerabilities to cause a denial of service condition. 

CISA encourages users and administrators to review the following and apply necessary updates: 

• XenServer and Citrix Hypervisor Security Update for CVE-2024-45817

As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. 

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity: 

• Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, 

• Consumer Financial Protection Bureau's Frauds and scams, and 

• CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks. 

CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.   

CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-7593 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released eight Industrial Control Systems (ICS) advisories on September 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-268-01 OPW Fuel Management Systems SiteSentinel
• ICSA-24-268-02 Alisonic Sibylla
• ICSA-24-268-03 Franklin Fueling Systems TS-550 EVO
• ICSA-24-268-04 Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE
• ICSA-24-268-05 Moxa MXview One
• ICSA-24-268-06 OMNTEC Proteus Tank Monitoring
   
• ICSA-24-156-01 Uniview NVR301-04S2-P4 (Update A)
• ICSA-19-274-01 Interpeak IPnet TCP/IP Stack (Update E)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs.

CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:

• Versa Advisory

Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6.  A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13 Ivanti security advisory–to take control of an affected system. This vulnerability impacts all versions prior to patch 519.

Ivanti has confirmed limited exploitation and recommends that users upgrade to CSA version 5.0, as version 4.6 is end-of-life and no longer supported. CISA urges users and administrators review the Ivanti security advisory and apply the necessary updates. 

Note: CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.  
 

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates:

• VCDSA24968

CISA released six Industrial Control Systems (ICS) advisories on September 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-263-01 Rockwell Automation RSLogix 5 and RSLogix 500
• ICSA-24-263-02 IDEC PLCs
• ICSA-24-263-03 IDEC CORPORATION WindLDR and WindO/I-NV4
• ICSA-24-263-04 MegaSys Computer Technologies Telenium Online Web Application
• ICSA-24-263-05 Kastle Systems Access Control System
   
• ICSA-20-168-01 Treck TCP/IP (Update I)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability
• CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
• CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
• CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability
• CVE-2020-14644 Oracle WebLogic Server Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following advisories and apply necessary updates:

• iOS 18 and iPadOS 18
• iOS 17.7 and iPadOS 17.7
• Safari 18
• macOS Sequoia 15
• macOS Sonoma 14.7
• macOS Ventura 13.7
• tvOS 18
• watchOS 11
• visionOS 2
• Xcode 16

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices
• ICSA-24-261-02 Millbeck Communications Proroute H685t-w
• ICSA-24-261-03 Yokogawa Dual-redundant Platform for Computer (PC2CKM)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability
• CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability
• CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability
• CVE-2014-0502 Adobe Flash Player Double Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.