Malicious Cyber Activity Targeting Critical SAP Applications
SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and...
FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities
CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies ...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the...
Google Releases Security Updates for Chrome
Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...
CISA Releases Supplemental Direction on Emergency Directive for Microsoft Exchange Server Vulnerabilities
CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies ...
OpenSSL Releases Security Update
OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary updat...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
Webshells Observed in Post-Compromised Exchange Servers
CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each new MAR (AR21-084A and AR21-084B) identifies a webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a Microsoft Exchange Server...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a vulnerability affecting ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Adobe Security Bulletin APSB21-16 and apply the necessary updates. This produ...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in Cisco Small Business routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Advisory cisco-sa-rv-132w134w-overflow-Pptt4H2p and...
Using CHIRP to Detect Post-Compromise Threat Activity in On-Premises Environments
CISA Hunt and Incident Response Program (CHIRP) is a new forensics collection tool that CISA developed to help network defenders find indicators of compromise (IOCs) associated with the SolarWinds and Active Directory/M365 Compromise. CHIRP is freely available on the CISA GitHub repository. Similar t...
TTP Table for Detecting APT Activity Related to SolarWinds and Active Directory/M365 Compromise
CISA has released a table of tactics, techniques, and procedures (TTPs) used by the advanced persistent threat (APT) actor involved with the recent SolarWinds and Active Directory/M365 compromise. The table uses the MITRE ATT&CK framework to identify APT TTPs and includes detection recommendations...
CISA-FBI Joint Advisory on TrickBot Malware
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly...
Microsoft Releases Exchange On-premises Mitigation Tool
Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: "the tool is intended to help customers who do not have dedicated security or IT teams to apply...
Google Releases Security Updates for Chrome
Google has released Chrome version 89.0.4389.90 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added seven Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. Each MAR identifies a webshell associated with exploitation of the vulnerabilities in Microsoft Exchange Server products. After successfully exploiting a Microsoft Exchange...
F5 Security Advisory for RCE Vulnerabilities in BIG-IP, BIG-IQ
F5 has released a security advisory to address remote code execution (RCE) vulnerabilities—CVE-2021-22986, CVE-2021-22987—impacting BIG-IP and BIG-IQ devices. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the F...
Microsoft Releases March 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2021 Security Update Summary and...
FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server
CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt...
Guidance on Remediating Networks Affected by the SolarWinds and Active Directory/M365 Compromise
Since December 2020, CISA has been responding to a significant cybersecurity incident involving an advanced persistent threat (APT) actor targeting networks of multiple U.S. government agencies, critical infrastructure entities, and private sector organizations. The APT actor added malicious code t...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
SAP Releases March 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for March 2021 and apply the necessary...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
CISA Strongly Urges All Organizations to Immediately Address Microsoft Exchange Vulnerabilities
CISA has published a Remediating Microsoft Exchange Vulnerabilities web page that strongly urges all organizations to immediately address the recent Microsoft Exchange Server product vulnerabilities. As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises...
Microsoft IOC Detection Tool for Exchange Server Vulnerabilities
Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizatio...
Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021. CISA and Microsoft encourage organizations to upgrade their on-premises Exchange environments to the lates...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update. This...
Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities
CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange server vulnerabilities with additional...
Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS
The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishin...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and...
CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities
CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and contr...
Google Releases Security Updates for Chrome
Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
Microsoft Releases Out-of-Band Security Updates for Exchange Server
Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected syst...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Apache Tomcat 9.0. An attacker could exploit this vulnerability to access sensitive information. CISA encourages users and administrators to review the Apache security advisory for...
NSA Releases Guidance on Zero Trust Security Model
The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates: Cisco...
VMware Releases Multiple Security Updates
VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86,...
CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance
The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer...
SonicWall Releases Additional Patches
SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system. CISA encourages users and administrator...
Cisco Releases Security Updates for AnyConnect Secure Mobility Client
Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Security Advisory...
North Korean Malicious Cyber Activity: AppleJeus
CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S...
Google Releases Security Updates for Chrome
Google has released Chrome version 88.0.4324.182 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update...