Verify Your Valentine

This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked on hope, they turn...

Compromise of U.S. Water Treatment Facility

In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition SCADA system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State...

Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol CVE-2020-1472 on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security upda...

Microsoft Releases February 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and...

Microsoft Warns of Windows Win32k Privilege Escalation

Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages user...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates addressing a vulnerability affecting Firefox and Firefox ESR. An attacker can take advantage of this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Firefox 85.0.1 and...

NCIJTF Releases Ransomware Factsheet

The National Cyber Investigative Joint Task Force NCIJTF has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts...

Google Releases Security Updates for Chrome

Google has released Chrome Version 88.0.4324.150 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For...

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary...

Zero-Day Vulnerability in SonicWall SMA 100 Series Version 10.x Products

CISA is aware of a vulnerability in SonicWall Secure Mobile Access SMA 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple...

Sudo Heap-Based Buffer Overflow Vulnerability — CVE-2021-3156

Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run...

Data Privacy Day

January 28 is Data Privacy Day DPD, an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance NCSA, focus on how to Own Your Privacy. The NCSA teaches users how to protect valuable data online, while encouraging...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users to review the Apple security pages for the following products and apply the necessary...

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85,...

CISA Malware Analysis on Supernova

CISA has released a malware analysis report on Supernova malware affecting unpatched SolarWinds Orion software. The report contains indicators of compromise IOCs and analyzes several malicious artifacts. Supernova is not part of the SolarWinds supply chain attack described in Alert AA20-352A. CIS...

FTC Reports Scammers Impersonating FTC

The Federal Trade Commission FTC has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require...

Oracle Releases January 2021 Security Bulletin

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle January 2021...

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations...

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

CISA and the CERT Coordination Center CERT/CC are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things IoT and other embedded devices....

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

Cisco Releases Advisories for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

Apache Releases Security Advisory for Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory fo...

NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

The National Security Agency NSA has released an information sheet with guidance on adopting encrypted Domain Name System DNS over Hypertext Transfer Protocol over Transport Layer Security HTTPS, referred to as DNS over HTTPS DoH. When configured appropriately, strong enterprise DNS controls can...

RCE Vulnerability Affecting Microsoft Defender

Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users...

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages user...

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...

NSA Cybersecurity Directorate Releases 2020 Year in Review

The National Security Agency NSA Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Wa...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 78.6.1 and apply the necessary...

Microsoft Releases January 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2021 Security Update Summary and...

SAP Releases January 2021 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for January 2021 and apply the necessa...

Microsoft Releases Security Updates for Edge

Microsoft has released a security update to address multiple vulnerabilities in Edge Chromium-based. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the latest entry for Microsoft Security Advisory...

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

The Multi-State Information Sharing and Analysis Center MS-ISAC has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the MS-IS...

CISA Releases New Alert on Post-Compromise Threat Activity in Microsoft Cloud Environments and Tools to Help Detect This Activity

CISA has evidence of post-compromise advanced persistent threat APT activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in a victim’s Microsoft 365 M365/Azure environment and using additional credentials and Application Programming Interface...

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory and apply the...

Google Releases Security Updates for Chrome

Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

CISA Updates Emergency Directive 21-01 Supplemental Guidance and Activity Alert on SolarWinds Orion Compromise

CISA has released Emergency Directive ED 21-01 Supplemental Guidance version 3: Mitigate SolarWinds Orion Code Compromise, providing guidance that supersedes Required Action 4 of ED 21-01 and Supplemental Guidance versions 1 and 2. Federal agencies without evidence of adversary follow-on activity...

NSA Releases Guidance on Eliminating Obsolete TLS Protocol Configurations

The National Security Agency NSA has released a Cybersecurity Information CSI sheet on eliminating obsolete Transport Layer Security TLS configurations. The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS...

CISA Releases Free Detection Tool for Azure/M365 Environment

CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and...

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat APT actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used...

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to...

NSA Releases Cybersecurity Advisory on Detecting Abuse of Authentication Mechanisms

The National Security Agency NSA has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and...

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

Active Exploitation of SolarWinds Software

The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 HF 5 through 2020.2.1 HF 1, released between March 2020 and June 2020. CISA encourages affected organizations to read the SolarWinds and FireEye advisori...