CISA Current Activity
CISA Adds One Known Exploited Vulnerability to Catalog
Fri, 01 Jul 2022 15:00:00 +0000
Original release date: July 1, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

Note: CISA previously added and then removed today’s addition, CVE-2022-26925, to the KEV Catalog after determining that remediations associated with this vulnerability would break certificate authentication for many federal agencies. Details:

  • CVE-2022-26925 was mitigated by Microsoft’s June 2022 Patch Tuesday update. 
  • The Microsoft update also includes remediations for CVE-2022-26923 and CVE-2022-26931, which change the way certificates are mapped to accounts in Active Directory. These changes break certificate authentication for many federal agencies.
  • For this reason, CISA has also published a Knowledge Article that provides critical steps that must be followed to prevent service outages. Agencies should review this Knowledge Article carefully before beginning the mitigation process.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.    
  
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.    

This product is provided subject to this Notification and this Privacy & Use policy.

#StopRansomware: MedusaLocker
Thu, 30 Jun 2022 17:00:00 +0000
Original release date: June 30, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note: this joint #StopRansomware CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

CISA, FBI, Treasury and FinCEN encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in this joint CSA, which include:

  • Prioritize remediating known exploited vulnerabilities.
  • Train users to recognize and report phishing attempts.
  • Enable and enforce multifactor authentication.

See #StopRansomware: MedusaLocker to learn about MedusaLocker actors' tactics, techniques, and procedures and the recommended mitigations. Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response. 

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Wed, 29 Jun 2022 15:00:00 +0000
Original release date: June 29, 2022

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird 91.11 and 102 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1
Tue, 28 Jun 2022 18:51:59 +0000
Original release date: June 28, 2022

 CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA
 
CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth. For more information, CISA recommends reviewing Microsoft’s Deprecation of Basic Authentication in Exchange Online documentation and the associated Exchange Team blog post, Basic Authentication Deprecation in Exchange Online.

This product is provided subject to this Notification and this Privacy & Use policy.

2022 CWE Top 25 Most Dangerous Software Weaknesses
Tue, 28 Jun 2022 14:00:00 +0000
Original release date: June 28, 2022

The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list also incorporates updated weakness data for recent Common Vulnerabilities and Exposure records in the dataset that are part of CISA’s Known Exploited Vulnerabilities Catalog.

CISA encourages users and administrators to review the 2022 CWE Top 25 Most Dangerous Software Weaknesses and evaluate recommended mitigations to determine those most suitable to adopt.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds Eight Known Exploited Vulnerabilities to Catalog  
Mon, 27 Jun 2022 15:00:00 +0000
Original release date: June 27, 2022

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.     

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.     

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Updates for Hypervisor
Fri, 24 Jun 2022 14:49:20 +0000
Original release date: June 24, 2022

Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX460064 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Thu, 23 Jun 2022 18:00:00 +0000
Original release date: June 23, 2022

 CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See joint CSA Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems for more information and additional recommendations.
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Cloud Security Technical Reference Architecture
Thu, 23 Jun 2022 13:00:00 +0000
Original release date: June 23, 2022

CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management as it fulfills a key mandate in delivering on Executive Order 14028, Improving the Nation's Cybersecurity.

CISA encourages federal program and project managers involved in cloud migration to review and implement the CS TRA

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome
Wed, 22 Jun 2022 15:00:00 +0000
Original release date: June 22, 2022

Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Feed Fetched by RSS Dog.