US-Cert Current Activity

Subscribe to US-Cert Current Activity feed
Updated: 53 min 50 sec ago

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

14 hours 16 min ago

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity.

This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human machine interface (HMI), which serves as a dashboard for operational technology (OT).

CISA encourages all critical infrastructure organizations, network defenders, and software manufacturers to review and implement the recommendations and practices to mitigate the threat posed by malicious cyber actors and to improve their cybersecurity posture.

For more information on the most common and impactful threats, tactics, techniques, and procedures, see CISA’s Cross-Sector Cybersecurity Performance Goals. To learn more about secure by design principles and practices, visit CISA’s Secure by Design webpage.

Categories: US-CERT Feed

CISA Releases Seven Industrial Control Systems Advisories

14 hours 16 min ago

CISA released seven Industrial Control Systems (ICS) advisories on November 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

CISA Adds Three Known Exploited Vulnerabilities to Catalog

14 hours 16 min ago

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability
  • CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
  • CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and the Palo Alto Security Bulletin for CVE-2024-9474 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Wed, 11/20/2024 - 7:00am

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian.

The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024.

BianLian is likely based in Russia, with Russia-based affiliates, and has affected organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors, professional services, and property development.

CISA and partners encourage infrastructure organizations and small- to medium-sized organizations implement mitigations in this advisory to reduce the likelihood and impact of BianLian and other ransomware incidents. These mitigations align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and the National Institute of Standards and Technology.

This advisory is part of CISA’s ongoing #StopRansomware effort. 

Categories: US-CERT Feed

Apple Releases Security Updates for Multiple Products

Wed, 11/20/2024 - 7:00am

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

Categories: US-CERT Feed

2024 CWE Top 25 Most Dangerous Software Weaknesses

Wed, 11/20/2024 - 7:00am

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.

Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses in development and procurement processes helps prevent vulnerabilities at the core of the software lifecycle.

Addressing these weaknesses is integral to CISA’s Secure by Design and Secure by Demand initiatives, which advocate for building and procuring secure technology solutions:

  • Secure by Design: Encourages software manufacturers to implement security best practices throughout the design and development phases. By proactively addressing common weaknesses found in the CWE Top 25, manufacturers can deliver inherently secure products that reduce risk to end users. Learn more about Secure by Design here.
  • Secure by Demand: Provides guidelines for organizations to drive security improvements when procuring software. Leveraging the CWE Top 25, customers can establish security expectations and ensure that their software vendors are committed to mitigating high-risk weaknesses from the outset. Explore how you can integrate Secure by Demand principles here.

Recommendations for Stakeholders:

  • For Developers and Product Teams: Review the 2024 CWE Top 25 to identify high-priority weaknesses and adopt Secure by Design practices in your development processes.
  • For Security Teams: Incorporate the CWE Top 25 into your vulnerability management and application security testing practices to assess and mitigate the most critical weaknesses.
  • For Procurement and Risk Managers: Use the CWE Top 25 as a benchmark when evaluating vendors, and apply Secure by Demand guidelines to ensure that your organization is investing in secure products.

By following CISA’s initiatives, organizations can reduce vulnerabilities and strengthen application and infrastructure security. Incorporating the 2024 CWE Top 25 into cybersecurity and procurement strategies will enhance overall resilience.

For further details, refer to the full 2024 CWE Top 25 list here.

Categories: US-CERT Feed

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Wed, 11/20/2024 - 7:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
  • CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Wed, 11/20/2024 - 7:00am

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA

Categories: US-CERT Feed

CISA Releases One Industrial Control Systems Advisory

Tue, 11/19/2024 - 7:00am

CISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Mon, 11/18/2024 - 7:00am

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability
  • CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
  • CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012 for additional information. 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Thu, 11/14/2024 - 7:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability
  • CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Releases Nineteen Industrial Control Systems Advisories

Thu, 11/14/2024 - 7:00am

CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

Palo Alto Networks Emphasizes Hardening Guidance

Wed, 11/13/2024 - 7:00am

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface.

CISA urges users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required:

Categories: US-CERT Feed

Fortinet Releases Security Updates for Multiple Products

Tue, 11/12/2024 - 7:00am

Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

Categories: US-CERT Feed

Microsoft Releases November 2024 Security Updates

Tue, 11/12/2024 - 7:00am

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following and apply necessary updates:

Categories: US-CERT Feed

Adobe Releases Security Updates for Multiple Products

Tue, 11/12/2024 - 7:00am

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:  

Categories: US-CERT Feed

Ivanti Releases Security Updates for Multiple Products

Tue, 11/12/2024 - 7:00am

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client.

CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:

Categories: US-CERT Feed

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Tue, 11/12/2024 - 7:00am

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability
  • CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability
  • CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability
  • CVE-2024-43451 Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
  • CVE-2024-49039 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

JCDC’s Collaborative Efforts Enhance Cybersecurity for the 2024 Olympic and Paralympic Games

Tue, 11/12/2024 - 7:00am

The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key French counterparts to promote collective defense measures.

Utilizing its role as a key facilitator between public and private sector partners, JCDC established monitoring channels and launched cyber threat information-sharing forums to prepare for significant incidents. Throughout the Games, JCDC industry partners remained vigilant, promptly alerting CISA to any potential impacts on Olympic and Paralympic activities. This allowed CISA to provide prompt updates and share critical information with the French Agence Nationale de la Sécurité des Systèmes d'Information to aid swift response efforts.

This collaboration underscores JCDC’s essential role in uniting global partners to defend against cyber challenges that threaten national security and international events. The partnership highlights the value of voluntary information sharing to build trust and strengthen the protection of critical infrastructure in an evolving threat landscape. For more information about JCDC’s initiatives, visit the JCDC Success Stories webpage and CISA.gov/JCDC

Categories: US-CERT Feed

Citrix Releases Security Updates for NetScaler and Citrix Session Recording

Tue, 11/12/2024 - 7:00am

Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  

 CISA encourages users and administrators to review the following and apply necessary updates:   

Categories: US-CERT Feed

Pages