Current Activity

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

1 month 3 weeks ago

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment.

The six principles outlined in this guide are intended to aid organizations in identifying how business decisions may adversely impact the cybersecurity of OT and the specific risks associated with those decisions. Filtering decisions that impact the security of OT will enhance the comprehensive decision-making that promotes security and business continuity.

CISA encourages critical infrastructure organizations review the best practices and implement recommended actions which can help ensure the proper cybersecurity controls are in place to reduce residual risk in OT decisions.

For more information on OT cybersecurity, review our Industrial Control Systems page and the Joint Cybersecurity Advisory Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems to help critical infrastructure organizations manage and enhance their OT cybersecurity.

CISA

CISA Releases Two Industrial Control Systems Advisories

1 month 3 weeks ago

CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

CISA’s VDP Platform 2023 Annual Report Showcases Success

1 month 3 weeks ago

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities in their systems, and engaging the public security researcher community.

Public security researchers play a vital role in securing our federal government's networks. As part of CISA's persistent and ongoing collaboration with the public security researcher community, CISA issued Binding Operational Directive (BOD) 20-01 in 2020, which requires every FCEB agency to establish a VDP. These VDPs follow industry and community best practices, including giving authorization to participating public security researchers and committing to not pursue legal action for good-faith research. 

CISA's VDP Platform complements BOD 20-01 by giving FCEB agencies an easy way to establish a VDP and to engage with public security researchers. CISA appreciates the contributions by thousands of public security researchers to date and looks forward to continuing to further broaden this collaboration in the future.

To learn more about the VDP Platform, please visit the Vulnerability Disclosure Policy (VDP) Platform webpage and view the VDP 101 video on CISA’s YouTube channel.

CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

1 month 3 weeks ago

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability
  • CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
  • CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability
  • CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Cisco Releases Security Updates for IOS and IOS XE Software

2 months ago

Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the following and apply the necessary updates: 

CISA

CISA Releases Five Industrial Control Systems Advisories

2 months ago

CISA released five Industrial Control Systems (ICS) advisories on September 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

2 months ago

Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and Mitigating Active Directory Compromises. This guide informs organizations of recommended strategies to mitigate common techniques used by malicious actors to compromise Active Directory.

Active Directory is the most widely used authentication and authorization solution in enterprise information technology (IT) networks globally. Malicious actors routinely target Active Directory as part of efforts to compromise enterprise IT networks by escalating privileges and targeting the highest confidential user objects.  

Responding to and recovering from malicious activity involving Active Directory can be consuming, costly, and disruptive. CISA encourages organizations review the guidance and implement the recommended mitigations to improve Active Directory security.

To learn more about taking a top-down approach to developing secure products, visit CISA’s Secure by Design webpage. 

CISA

CISA Warns of Hurricane-Related Scams

2 months ago

As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. 

CISA encourages users to review the following resources to avoid falling victim to malicious cyber activity: 

CISA

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means

2 months ago

CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.   

CISA urges OT/ICS operators in critical infrastructure sectors to apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity to defend against this activity. To learn more about secure by design principles and practices, visit CISA's Secure by Design webpage. For more information and guidance on protection against the most common and impactful threats, tactics, techniques, and procedures, visit CISA’s Cross-Sector Cybersecurity Performance Goals.

CISA

CISA Adds One Known Exploited Vulnerability to Catalog

2 months ago

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-7593 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Releases Eight Industrial Control Systems Advisories

2 months ago

CISA released eight Industrial Control Systems (ICS) advisories on September 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

2 months 1 week ago

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs.

CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the following for more information:

CISA

Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

2 months 1 week ago

Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6.  A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13 Ivanti security advisory–to take control of an affected system. This vulnerability impacts all versions prior to patch 519.

Ivanti has confirmed limited exploitation and recommends that users upgrade to CSA version 5.0, as version 4.6 is end-of-life and no longer supported. CISA urges users and administrators review the Ivanti security advisory and apply the necessary updates. 

Note: CISA has added CVE-2024-8963 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.  
 

CISA

CISA Releases Six Industrial Control Systems Advisories

2 months 1 week ago

CISA released six Industrial Control Systems (ICS) advisories on September 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

CISA Adds Five Known Exploited Vulnerabilities to Catalog

2 months 1 week ago

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability
  • CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
  • CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
  • CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability
  • CVE-2020-14644 Oracle WebLogic Server Remote Code Execution Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

Apple Releases Security Updates for Multiple Products

2 months 1 week ago

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following advisories and apply necessary updates:

CISA

CISA Releases Three Industrial Control Systems Advisories

2 months 1 week ago

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

CISA Adds Four Known Exploited Vulnerabilities to Catalog

2 months 1 week ago

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability
  • CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability
  • CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability
  • CVE-2014-0502 Adobe Flash Player Double Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA
Checked
2 hours 17 minutes ago
Subscribe to Current Activity feed