Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware

CISA and the Federal Bureau of Investigation FBI have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise...

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise

CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...

WordPress Releases Security Update

WordPress versions between 3.7 and 5.7.1 are affected by a security vulnerability. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.7.2. This product is...

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.212 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

Adobe Releases Security Updates for Multiple Products 

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...

Microsoft Releases May 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2021 Security Update Summary and Deployme...

Citrix Releases Security Updates for Workspace App for Windows

Citrix has released security updates to address a vulnerability in Citrix Workspace App for Windows. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX307794 and apply the necessary...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper's 2021-05 Out-of-Cycle Security...

Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware

CISA and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA on a ransomware-as-a-service RaaS variant—referred to as DarkSide—recently used in a ransomware attack against a critical infrastructure CI company. Cybercriminal groups use DarkSide to gain access t...

Exim Releases Security Update

Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Exim 4.94.2 update page and apply t...

Joint NCSC-CISA-FBI-NSA Cybersecurity Advisory on Russian SVR Activity

CISA has joined with the United Kingdom's National Cyber Security Centre NCSC, the Federal Bureau of Investigation FBI, and the National Security Agency NSA, in releasing a Joint Cybersecurity Advisory on Russian Foreign Intelligence Service SVR tactics, techniques, and procedures. Further TTPs...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 88.0.1 and apply the necessary updates...

CISA Releases Analysis Reports on New FiveHands Ransomware

CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware vRealize Business for Cloud. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0007 and apply th...

 Cisco Releases Security Updates for Multiple Products 

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

Ivanti Releases Pulse Secure Security Update

Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure PCS software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation...

Codecov Releases New Detections for Supply Chain Compromise

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script...

CISA Updates Alert on Pulse Connect Secure

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, originally released April 20. This update adds a new Detection section providing information on Impossible Travel and Transport Layer Security TLS Fingerprinting that may be useful in identifying malicious...

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for...

CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities

CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems RTOS and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further...

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

The Federal Bureau of Investigation FBI, Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory CSA addressing Russian Foreign Intelligence Service SVR cyber actors—also known as Advanced Persistent Threat 29 APT 29, the Dukes, CozyBear, and Yttrium—continued...

CISA Incident Response to SUPERNOVA Malware

CISA has released AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response to provide analysis of a compromise in an organization’s enterprise network by an advance persistent threat actor. This report provides tactics, techniques, and procedures CISA observed during the incident...

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal 7, 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-002 and apply the necessary...

SonicWall Releases Patches for Email Security Products

CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, "In at least one known case, these...

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

Mozilla Releases Security Update for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 88...

Oracle Releases April 2021 Critical Patch Update

Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle April 2021...

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations. In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as...

VMware Releases Security Update

VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround. This product is...

CISA Issues Emergency Directive on Pulse Connect Secure

CISA has issued Emergency Directive ED 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure PCS software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operati...

WordPress Releases Security and Maintenance Update

WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected website. CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1. Thi...

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA on Russian Foreign Intelligence Service SVR actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security a...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the...

Google Releases Security Updates for Chrome

Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome release and apply the necessary...

CISA and CNMF Analysis of SolarWinds-related Malware

CISA and the Department of Defense DoD Cyber National Mission Force CNMF have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...

NAME:WRECK DNS Vulnerabilities

Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System DNS implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Intern...

Threat Actors Targeting Cybersecurity Researchers

Google and Microsoft recently published reports on advanced persistent threat APT actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information,...

SAP Releases April 2021 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary...

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities

Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host. CISA strongly urges organizations to apply Microsoft...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary...

Google Releases Security Updates for Chrome

Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome release and apply the necessary...

Updates on Microsoft Exchange Server Vulnerabilities

CISA has added two new Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a...

Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...