CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses
CISA has released CISA Insights: Guidance for Managed Service Providers (MSPs) and Small- and Mid-sized Businesses, which provides mitigation and hardening guidance to help these organizations strengthen their defenses against cyberattacks. Many small- and mid-sized businesses use MSPs to manage IT...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
CISA Issues Emergency Directive on Microsoft Windows Print Spooler
CISA has issued Emergency Directive (ED) 21-04: Mitigate Windows Print Spooler Service Vulnerability addressing CVE-2021-34527. Attackers can exploit this vulnerability to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity...
Kaseya Ransomware Attack: Guidance and Resources
CISA has created a webpage to provide information and guidance for the recent ransomware attack against Kaseya customers that include managed service providers (MSPs) and customers of those MSPs. CISA encourages affected organizations to review Kaseya Ransomware Attack: Guidance for Affected MSPs a...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 90 and Firefox E...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache’s security advisory and apply the...
Microsoft Releases July 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2021 Security Update Summary and...
Citrix Releases Security Updates for Virtual Apps and Desktops
Citrix has released security updates to address a vulnerability in multiple versions of Virtual Apps and Desktops. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX319750 and apply the...
Mozilla Releases Security Updates for Firefox, Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 90...
SAP Releases July 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for July 2021 and apply the necessary...
SolarWinds Releases Advisory for Serv-U Vulnerability
SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in VMware ESXi and VMware Cloud Foundation. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0014 and apply the...
Critical ForgeRock Access Management Vulnerability
Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this...
Kaseya Provides Security Updates for VSA On-Premises Software Vulnerabilities
Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers. CISA strongly urges Kaseya customers closely follow the instructions detailed in the Kaseya security notice and contact Kase...
CISA Releases Analysis of FY20 Risk and Vulnerability Assessments
CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors. The analysis details a sample attack path a cyber threat actor could take to compromise an organization with weaknesses...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
CISA Publishes Malware Analysis Report and Updates Alert on DarkSide Ransomware
CISA has published a new Malware Analysis Report (MAR) on DarkSide Ransomware and updated Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, originally released May 11, 2021. This update adds indicators of compromise associated with a...
CISA Releases Security Advisory for Philips Vue PAC Products
CISA has released an Industrial Controls Systems (ICS) Medical Advisory detailing multiple vulnerabilities in multiple Philips Clinical Collaboration Platform Portal (officially registered as Vue PACS) products. An attacker could exploit some of these vulnerabilities to take control of an affected...
Microsoft Releases Out-of-Band Security Updates for PrintNightmare
Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict...
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to...
Kaseya VSA Supply-Chain Ransomware Attack
CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA...
NSA-CISA-NCSC-FBI Joint Cybersecurity Advisory on Russian GRU Brute Force Campaign
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the UK’s National Cyber Security Centre (NCSC) have released Joint Cybersecurity Advisory (CSA): Russian GRU Conducting Global Brute Force Campaign to Compromise Enterpris...
CISA’s CSET Tool Sets Sights on Ransomware Threat
CISA has released a new module in its Cyber Security Evaluation Tool (CSET): the Ransomware Readiness Assessment (RRA). CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both...
PrintNightmare, Critical Windows Print Spooler Vulnerability
Updated July 2, 2021 For new information and mitigations, see Microsoft's updated guidance for the Print spooler vulnerability (CVE-2021-34527). Updated July 1, 2021 See Microsoft's new guidance for the Print spooler vulnerability (CVE-2021-34527) and apply the necessary workarounds. Original post Ju...
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critic...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates. This product ...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected...
Google Releases Security Updates for Chrome
Google has released Chrome version 91.0.4472.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30554—has been detected in exploits in the wild. CISA encourages users a...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Apple Releases Security Updates for iOS 12.5.4
Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provid...
CISA Releases Advisory on ZOLL Defibrillator Dashboard
CISA has released an Industrial Controls Systems (ICS) Medical Advisory on multiple vulnerabilities in the ZOLL Defibrillator Dashboard. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS...
Google Releases Security Updates for Chrome
Google has released Chrome version 91.0.4472.101 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities—CVE-2021-30551—has been detected in exploits in the wild. CISA encourages users a...
CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets
CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology (OT) assets and control systems. The guidance: provides steps to prepare for, mitigate against, and respond to attacks; details how the...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
SAP Releases June 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for June 2021 and apply the necessary...
Microsoft Releases June 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2021 Security Update Summary and...
Unpatched VMware vCenter Software
CISA is aware of the likelihood that cyber threat actors are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 89 and Firefox E...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following Cisco advisory and apply the necessary updates: Lasso SAM...
CISA Releases Best Practices for Mapping to MITRE ATT&CK®
As part of an effort to encourage a common language in threat actor analysis, CISA has released Best Practices for MITRE ATT&CK® Mapping. The guide shows analysts—through instructions and examples—how to map adversary behavior to the MITRE ATT&CK framework. CISA created this guide in partnership...
Joint CISA-FBI Cybersecurity Advisory on Sophisticated Spearphishing Campaign
CISA and the Federal Bureau of Investigation (FBI) are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant...
FBI Update on Exploitation of Fortinet FortiOS Vulnerabilities
The Federal Bureau of Investigation (FBI) has released an FBI FLASH, APT Actors Exploiting Fortinet Vulnerabilities to Gain Access for Malicious Activity, which describes advanced persistent threat (APT) actors exploiting known Fortinet FortiOS vulnerabilities. APT actors may exploit these...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-003 and apply the necessary updat...
Microsoft Announces New Campaign from NOBELIUM
The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major cybersecurity...
Updates to Alert on Pulse Connect Secure
CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to include new threat actor techniques, tactics, and procedures (TTPs), indicators of compromise (IOCs), and updated mitigations. CISA encourages users and administrators to review AA21-110A and the following...
Google Releases Security Updates for Chrome
Google has released Chrome version 91.0.4472.77 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...