CISA Current Activity
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
Thu, 08 Apr 2021 19:00:00 +0000
Original release date: April 8, 2021

Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created Sparrow to support hunts for threat activity following the SolarWinds compromise. Aviary—a Splunk-based dashboard—facilitates analysis of Sparrow data outputs.

CISA encourages network defenders wishing to use Aviary to facilitate their analysis of output from Sparrow to review CISA Alert: AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments. Note: CISA has updated the Sparrow tool section of AA21-008A with instructions on using the Aviary tool.

CISA recommends the following resources for additional information:

 

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products
Thu, 08 Apr 2021 14:24:58 +0000
Original release date: April 8, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
 
CISA encourages users and administrators to review the following Cisco Advisory and apply the necessary updates:

Malicious Cyber Activity Targeting Critical SAP Applications
Tue, 06 Apr 2021 13:00:00 +0000
Original release date: April 6, 2021

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.  

On April 6, 2021, security researchers from Onapsis, in coordination with SAP, released an alert detailing observed threat actor activity and techniques that could lead to full control of unsecured SAP applications. Impacted organizations could experience:

  • theft of sensitive data, 
  • financial fraud, 
  • disruption of mission-critical business processes,
  • ransomware, and
  • halt of all operations. 

CISA recommends operators of SAP systems review the Onapsis Alert Active Cyberattacks on Mission-Critical SAP Applications for more information and apply necessary updates and mitigations. 

See CISA’s previous alerts on SAP:

VMware Releases Security Update
Fri, 02 Apr 2021 15:09:21 +0000
Original release date: April 2, 2021

VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and apply the necessary updates.

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities
Fri, 02 Apr 2021 13:35:36 +0000
Original release date: April 2, 2021

The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591. APT actors may use these vulnerabilities or other common exploitation techniques to gain initial access to multiple government, commercial, and technology services. Gaining initial access pre-positions the APT actors to conduct future attacks.

CISA encourages users and administrators to review Joint CSA AA21-092A: APT Actors Exploit Vulnerabilities to Gain Initial Access for Future Attacks and implement the recommended mitigations.

CISA Releases Supplemental Direction on Emergency Directive for Microsoft Exchange Server Vulnerabilities
Wed, 31 Mar 2021 17:00:00 +0000
Original release date: March 31, 2021

CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies to run newly developed tools—Microsoft’s Test-ProxyLogon.ps1 script and Safety Scanner MSERT—to investigate whether their Microsoft Exchange Servers have been compromised.

Although the Emergency Directive only applies to Federal Civilian Executive Branch agencies, CISA encourages state and local governments, critical infrastructure entities, and other private sector organizations to review the supplemental direction and the following resources for additional information:

Google Releases Security Updates for Chrome
Wed, 31 Mar 2021 14:26:45 +0000
Original release date: March 31, 2021

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
 
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

VMware Releases Security Updates
Wed, 31 Mar 2021 14:25:09 +0000
Original release date: March 31, 2021

VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-004 and apply the necessary updates or workarounds.

Citrix Releases Security Updates for Hypervisor
Wed, 31 Mar 2021 14:23:33 +0000
Original release date: March 31, 2021

Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.

Apple Releases Security Updates 
Fri, 26 Mar 2021 20:40:24 +0000
Original release date: March 26, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. 

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. 

  • watchOS 7.3.3
  • iOS 12.5.2
  • iOS 14.4.2 and iPadOS 14.4.2
