US-Cert Current Activity

Subscribe to US-Cert Current Activity feed
Updated: 57 min 26 sec ago

Fortinet Releases Security Updates for FortiManager

Fri, 12/20/2024 - 7:00am

Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary updates:

Categories: US-CERT Feed

CISA Adds One Known Exploited Vulnerability to Catalog

Thu, 12/19/2024 - 7:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-12356 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Releases Eight Industrial Control Systems Advisories

Thu, 12/19/2024 - 7:00am

CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

CISA Releases Best Practice Guidance for Mobile Communications

Wed, 12/18/2024 - 7:00am

Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing “highly targeted” individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors.

Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation.

CISA strongly urges highly targeted individuals to immediately review and apply the best practices provided in the guidance to protect mobile communications, including consistent use of end-to-end encryption.

Categories: US-CERT Feed

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Wed, 12/18/2024 - 7:00am

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability
  • CVE-2022-23227 NUUO NVRmini 2 Devices Missing Authentication Vulnerability
  • CVE-2019-11001 Reolink Multiple IP Cameras OS Command Injection Vulnerability
  • CVE-2021-40407 Reolink RLC-410W IP Camera OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services

Tue, 12/17/2024 - 7:00am

Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines. 

Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government's effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks.

The new Directive can be found at Binding Operational Directive (BOD) 25-01. To learn more about CISA Directives, visit Cybersecurity Directives webpage.

Categories: US-CERT Feed

CISA Releases Five Industrial Control Systems Advisories

Tue, 12/17/2024 - 7:00am

CISA released five Industrial Control Systems (ICS) advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

CISA and ONCD Release Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure

Tue, 12/17/2024 - 7:00am

Today, CISA and the Office of the National Cyber Director (ONCD) published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber resilience into their grant-funded infrastructure projects. 

This guide is for federal grant program managers, critical infrastructure owners and operators, and organizations such as state, local, tribal, and territorial governments who subaward grant program funds, and grant program recipients. The guide includes:

  • Recommended actions to incorporate cybersecurity into grant programs throughout the grant management lifecycle.
  • Model language for grant program managers and sub-awarding organizations to incorporate into Notices of Funding Opportunity (NOFOs) and Terms & Conditions. 
  • Templates for recipients to leverage when developing a Cyber Risk Assessment and Project Cybersecurity Plan.
  • Comprehensive list of cybersecurity resources available to support grant recipient project execution.

CISA encourages organizations to review and apply recommended actions to secure the nation’s critical infrastructure and enhance resilience.

Categories: US-CERT Feed

CISA Adds One Known Exploited Vulnerability to Catalog

Tue, 12/17/2024 - 7:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Mon, 12/16/2024 - 7:00am

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability
  • CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update

Mon, 12/16/2024 - 7:00am

Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—public comment period begins today and concludes on January 15, 2025. 

Since initial publication in 2016, CISA conducted broad and extensive engagement and information exchanges with public and private sector partners, interagency partners, federal Sector Risk Management Agencies (SRMAs), and regulators to build upon the successes of the inaugural NCIRP. The draft NCIRP update describes a national approach to coordinating significant cyber incident detection and response. 

The draft update considers the evolution in the cyber threat landscape and lessons learned from historical incidents. The text also addresses the vital role that the private sector, state and local governments (including tribal and territorial), and federal agencies hold in responding to cyber incidents.

CISA is seeking more perspectives to help strengthen the NCIRP and invites stakeholders from across the public and private sectors to share their knowledge and experiences, further informing our findings and contributing to this revision. Public comments may be posted via the Federal Register.

Categories: US-CERT Feed

CISA Adds One Known Exploited Vulnerability to Catalog

Fri, 12/13/2024 - 7:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  •  CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA and EPA Release Joint Fact Sheet Detailing Risks Internet-Exposed HMIs Pose to WWS Sector

Fri, 12/13/2024 - 7:00am

Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.

HMIs enable operational technology owners and operators to read supervisory control and data acquisition systems connected to programmable logic controllers. Threat actors can exploit exposed HMIs at WWS Sector utilities without cybersecurity controls, resulting in operational impacts and forcing victims to revert to manual operations (see Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity).

EPA and CISA strongly encourage WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs. Visit our Water and Wastewater Systems page for additional resources to help protect the WWS Sector.

Categories: US-CERT Feed

Apple Releases Security Updates for Multiple Products

Thu, 12/12/2024 - 7:00am

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

Categories: US-CERT Feed

CISA Releases Ten Industrial Control Systems Advisories

Thu, 12/12/2024 - 7:00am

CISA released ten Industrial Control Systems (ICS) advisories on December 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

Ivanti Releases Security Updates for Multiple Products

Tue, 12/10/2024 - 7:00am

Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK.

CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:

Categories: US-CERT Feed

Microsoft Releases December 2024 Security Updates

Tue, 12/10/2024 - 7:00am

Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following and apply necessary updates:

Categories: US-CERT Feed

Adobe Releases Security Updates for Multiple Products

Tue, 12/10/2024 - 7:00am

Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.     

 CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates:   

Categories: US-CERT Feed

CISA Adds One Known Exploited Vulnerability to Catalog

Tue, 12/10/2024 - 7:00am

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Categories: US-CERT Feed

CISA Releases Seven Industrial Control Systems Advisories

Tue, 12/10/2024 - 7:00am

CISA released seven Industrial Control Systems (ICS) advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Categories: US-CERT Feed

Pages