NCSC Releases 2021 Annual Review
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats. The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA. Examples include...
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities
CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI,...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, which require remediation from federal civilian executive branch (FCEB) agencies by December 1, 2021. CISA has evidence that threat actors are actively exploiting the vulnerabilities listed in the table below...
Google Releases Security Updates for Chrome
Google has released Chrome version 96.0.4664.45 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates as...
New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks
The White House, via Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, tasked CISA, as the operational lead for federal cybersecurity, to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident...
VMware Releases Security Update for Tanzu Application Service for VMs
VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply th...
CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result...
Palo Alto Networks Release Security Updates for PAN-OS
Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS (8.1.16 and earlier). An unauthenticated attacker wit...
VMware Releases Security Advisory
VMware has released a security advisory to address a privilege escalation vulnerability in vCenter Server and Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
Apple Releases Security Update for iCloud for Windows 13
Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security page and apply the necessary update. This...
Security Researchers Reveal Activity Targeting ManageEngine ADSelfService Plus
On September 16, CISA released a joint alert on exploitation of a vulnerability (CVE-2021-40539) in ManageEngine ADSelfService Plus. On November 8, security researchers from Palo Alto Networks and Microsoft Threat Intelligence Center (MSTIC) released separate reports on targeted attacks against...
CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems
CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems (RTOS) and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...
Microsoft Releases November 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2021 Security Update Summary and Deploymen...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
SAP Releases November 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for November 2021 and apply the...
Citrix Releases Security Updates
Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and...
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept (PoC) tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercia...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
FBI Releases PIN on Attacks Using Significant Financial Events for Extortion
The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) on ransomware actors using significant financial events, such as mergers and acquisitions, to target and leverage victim companies. CISA encourages users and administrators to review Ransomware Actors Use...
CISA Issues BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities
CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to establish specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive,...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 94 and Firefox...
Google Releases Security Updates for Chrome
Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild. CISA encourages users and...
GoCD Authentication Vulnerability
GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisory. CISA encourages...
2021 CWE Most Important Hardware Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and...
NSA-CISA Series on Securing 5G Cloud Infrastructures
The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts ...
FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020. CISA encourages users and administrators to review the...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
NOBELIUM Attacks on Cloud Services and other Technologies
Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review NOBELIUM targeting delegated administrative privileges to facilitate broader attacks and apply the necessary mitigations. This product is provided subject to...
Critical RCE Vulnerability in Discourse
Discourse—an open source discussion platform—has released a security advisory to address a critical remote code execution (RCE) vulnerability (CVE-2021-41163) in Discourse versions 2.7.8 and earlier. CISA urges developers to update to patched versions 2.7.9 or later or apply the necessary workarounds...
Malware Discovered in Popular NPM Package, ua-parser-js
Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a...
Cisco Releases Security Updates for IOS XE SD-WAN Software
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
GPS Daemon (GPSD) Rollover Bug
Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021). On October 24,...
Google Releases Security Updates for Chrome
Google has released Chrome version 95.0.4638.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as so...
Oracle Releases October 2021 Critical Patch Update
Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle October 2021...
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including ...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition. CISA encourages users and administrators to review Apache’s security advisory for...
Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities
CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...
Google Releases Security Updates for Chrome
Google has updated the Stable channel to 94.0.4606.81 for Windows, Mac and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. Thi...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
Microsoft Releases October 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment...
Apple Releases Security Update to Address CVE-2021-30883
Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users to review the Apple security...
NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques
The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security (TLS) certificates and the...
CISA Releases Guidance: TIC 3.0 Remote User Use Case
In coordination with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote Us...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...