US CERT: Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
September 24, 2021

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

Original release date: September 24, 2021

On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability.

To mitigate CVE-2021-22005, CISA strongly urges critical infrastructure entities and other organizations with affected vCenter Server versions to take the following actions.

This product is provided subject to this Notification and this Privacy & Use policy.

September 24, 2021

Google Releases Security Updates for Chrome

Original release date: September 24, 2021

Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

September 24, 2021

Apple Releases Security Updates

Original release date: September 23, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.

September 23, 2021

Cisco Releases Security Updates for Multiple Products

Original release date: September 23, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

September 23, 2021

CISA Releases Guidance: IPv6 Considerations for TIC 3.0

Original release date: September 23, 2021

The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. 

In accordance with this OMB mandate, CISA has issued IPv6 Considerations for TIC 3.0 to provide federal agencies with guidance to help them use IPv6 to secure their networks by:

  • Providing IPv6 protocol information to enable a general understanding,
  • Informing agencies of their responsibilities concerning OMB M-21-07,
  • Aligning TIC 3.0 security objectives and security capabilities with IPv6, and
  • Offering awareness and guidance regarding IPv6 security considerations.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review IPv6 Considerations for TIC 3.0 to facilitate advancing IPv6 networks and ensuring future growth and innovation in internet services and technology.

September 22, 2021

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

Original release date: September 22, 2021

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.

CISA, FBI, and NSA encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in the joint CSA, which include:  

  • Updating your operating system and software, 
  • Requiring multi-factor authentication, and  
  • Implementing network segmentation.

Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response.

September 22, 2021

Google Releases Security Updates for Chrome

Original release date: September 22, 2021

Google has released Chrome version 94.0.4606.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

September 21, 2021

NETGEAR Releases Security Updates for RCE Vulnerability

Original release date: September 21, 2021

NETGEAR has released security updates to address a remote code execution vulnerability—CVE-2021-40847—in multiple NETGEAR routers. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review NETGEAR’s Security Advisory and update to the latest firmware. Given the increase in telework, CISA recommends that CISOs consider the risk that these vulnerabilities present to business networks. Review CISA’s Tip on Home Network Security for more information.

September 21, 2021

VMware Releases Security Updates

Original release date: September 21, 2021

VMware has released security updates to address multiple vulnerabilities in vCenter Server and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0020 and apply the necessary updates.

September 21, 2021

Apple Releases Security Updates for Multiple Products

Original release date: September 21, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

September 16, 2021

ACSC Releases Annual Cyber Threat Report

Original release date: September 16, 2021

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.

The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities, and the compromise of business email as last year’s most significant threats.

CISA encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2020 to June 2021 and CISA’s Stop Ransomware webpage for more information.

September 16, 2021

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

Original release date: September 16, 2021

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.

September 16, 2021

Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

Original release date: September 16, 2021

Microsoft has released an update to address a remote code execution vulnerability in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update.

September 16, 2021

Drupal Releases Multiple Security Updates

Original release date: September 16, 2021

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

September 14, 2021

Adobe Releases Security Updates for Multiple Products

Original release date: September 14, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.

September 14, 2021

Citrix Releases Security Update for ShareFile Storage Zones Controller

Original release date: September 14, 2021

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. A remote attacker can exploit this vulnerability to take control of an affected system.

CISA recommends users and administrators review Citrix Security Bulletin CTX328123 and apply the necessary update.

September 14, 2021

SAP Releases September 2021 Security Updates 

Original release date: September 14, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the necessary updates.

September 14, 2021

Microsoft Releases September 2021 Security Updates

Original release date: September 14, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.

September 14, 2021

Google Releases Security Updates for Chrome

Original release date: September 14, 2021

Google has released Chrome version 93.0.4577.82 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

September 14, 2021

CERT NZ Releases Ransomware Protection Guide for Businesses

Original release date: September 14, 2021

The New Zealand Computer Emergency Response Team (CERT NZ) has released a guide on ransomware protection for businesses. The guide includes a pair of helpful diagrams that outline different ransomware attack pathways and illustrate where relevant security controls can work to protect or stop an attack.  

CISA encourages users, administrators, and business leaders to review the CERT NZ guide, Protecting from ransomware, for more information as well as recommended prevention and mitigation measures.  

For additional resources related to the prevention and mitigation of ransomware, see https://www.stopransomware.gov as well as the CISA-MS-ISAC Joint Ransomware Guide.

StopRansomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.
