Current Activity

CISA Releases Six Industrial Control Systems Advisories

1 day 19 hours ago

CISA released six Industrial Control Systems (ICS) advisories on November 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

CISA Adds One Known Exploited Vulnerability to Catalog

2 days 19 hours ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-28461 Array Networks AG and vxAG ArrayOS Improper Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Adds Three Known Exploited Vulnerabilities to Catalog

6 days 19 hours ago

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability
  • CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
  • CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Releases Seven Industrial Control Systems Advisories

6 days 19 hours ago

CISA released seven Industrial Control Systems (ICS) advisories on November 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

6 days 19 hours ago

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity.

This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human machine interface (HMI), which serves as a dashboard for operational technology (OT).

CISA encourages all critical infrastructure organizations, network defenders, and software manufacturers to review and implement the recommendations and practices to mitigate the threat posed by malicious cyber actors and to improve their cybersecurity posture.

For more information on the most common and impactful threats, tactics, techniques, and procedures, see CISA’s Cross-Sector Cybersecurity Performance Goals. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

CISA

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

1 week ago

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian.

The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024.

BianLian is likely based in Russia, with Russia-based affiliates, and has affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors, professional services, and property development.

CISA and partners encourage infrastructure organizations and small- to medium-sized organizations implement mitigations in this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents. These mitigations align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology.

This advisory is part of CISA’s ongoing #StopRansomware effort. 

CISA

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

1 week ago

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

1 week ago

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
  • CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

2024 CWE Top 25 Most Dangerous Software Weaknesses

1 week ago

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.

Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle.

Addressing these weaknesses is integral to CISA’s Secure by Design and Secure by Demand initiatives, which advocate for building and procuring secure technology solutions:

  • Secure by Design: Encourages software manufacturers to implement security best practices throughout the design and development phases. By proactively addressing common weaknesses found in the CWE Top 25, manufacturers can deliver inherently secure products that reduce risk to end users. Learn more about Secure by Design here.
  • Secure by Demand: Provides guidelines for organizations to drive security improvements when procuring software. Leveraging the CWE Top 25, customers can establish security expectations and ensure that their software vendors are committed to mitigating high-risk weaknesses from the outset. Explore how you can integrate Secure by Demand principles here.

Recommendations for Stakeholders:

  • For Developers and Product Teams: Review the 2024 CWE Top 25 to identify high-priority weaknesses and adopt Secure by Design practices in your development processes.
  • For Security Teams: Incorporate the CWE Top 25 into your vulnerability management and application security testing practices to assess and mitigate the most critical weaknesses.
  • For Procurement and Risk Managers: Use the CWE Top 25 as a benchmark when evaluating vendors, and apply Secure by Demand guidelines to ensure that your organization is investing in secure products.

By following CISA’s initiatives, organizations can reduce vulnerabilities and strengthen application and infrastructure security. Incorporating the 2024 CWE Top 25 into cybersecurity and procurement strategies will enhance overall resilience.

For further details, refer to the full 2024 CWE Top 25 list here.

CISA

CISA Adds Three Known Exploited Vulnerabilities to Catalog

1 week 2 days ago

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability
  • CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
  • CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Adds Two Known Exploited Vulnerabilities to Catalog

1 week 6 days ago

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability
  • CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Releases Nineteen Industrial Control Systems Advisories

1 week 6 days ago

CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

Palo Alto Networks Emphasizes Hardening Guidance

2 weeks ago

Updated November 15, 2024

Palo Alto Networks (PAN) has updated their informational bulletin, noting they "observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet."

CISA continues to urge users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required:

End of Update

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface.

CISA urges users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required:

CISA

Adobe Releases Security Updates for Multiple Products

2 weeks 1 day ago

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:  

CISA

Fortinet Releases Security Updates for Multiple Products

2 weeks 1 day ago

Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

CISA

CISA Adds Five Known Exploited Vulnerabilities to Catalog

2 weeks 1 day ago

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability
  • CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
  • CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability
  • CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
  • CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Citrix Releases Security Updates for NetScaler and Citrix Session Recording

2 weeks 1 day ago

Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  

 CISA encourages users and administrators to review the following and apply necessary updates:   

CISA
Checked
4 minutes 22 seconds ago
Subscribe to Current Activity feed