US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 1 óra 18 perc
2022. január 21.

McAfee Releases Security Update for McAfee Agent for Windows 

Original release date: January 21, 2022

McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review McAfee Security Bulletin SB10378 and apply the necessary update. CISA also encourages users and administrators to review the CERT Coordination Center Vulnerability Note VU#287178 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 21.

CISA Adds Four Known Exploited Vulnerabilities to Catalog

Original release date: January 21, 2022

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date CVE-2006-1547 Apache Struts 1 ActionForm Denial of Service Vulnerability 07/21/2022 CVE-2012-0391 Apache Struts 2 Improper Input Validation Vulnerability 07/21/2022 CVE-2018-8453 Microsoft Windows Win32k Privilege Escalation Vulnerability 07/21/2022 CVE-2021-35247 SolarWinds Serv-U Improper Input Validation Vulnerability 02/04/2022

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 20.

F5 Releases January 2022 Quarterly Security Notification

Original release date: January 20, 2022

F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system.

CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 20.

Drupal Releases Security Updates

Original release date: January 20, 2022

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 20.

Google Releases Security Updates for Chrome

Original release date: January 20, 2022

Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 20.

Cisco Releases Security Updates for Multiple Products

Original release date: January 20, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 20.

CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0

Original release date: January 20, 2022

CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review the Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0 for guidance in facilitating IPv6 implementation in federal IT systems.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 19.

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

Original release date: January 19, 2022

Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 18.

CISA Adds 13 Known Exploited Vulnerabilities to Catalog

Original release date: January 18, 2022

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js Command Injection Vulnerability 2/1/2022 CVE-2021-21975 Server Side Request Forgery in vRealize Operations Manager API Vulnerability 2/1/2022 CVE-2021-22991 BIG-IP Traffic Microkernel Buffer Overflow Vulnerability 2/1/2022 CVE-2021-25296 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-25297 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-25298 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-33766 Microsoft Exchange Server Information Disclosure Vulnerability 2/1/2022 CVE-2021-40870 Aviatrix Controller Unrestricted Upload of File Vulnerability 2/1/2022 CVE-2020-11978 Apache Airflow Command Injection Vulnerability 7/18/2022 CVE-2020-13671 Drupal Core Unrestricted Upload of File Vulnerability 7/18/2022 CVE-2020-13927 Apache Airflow Experimental API Authentication Bypass Vulnerability 7/18/2022 CVE-2020-14864 Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability 7/18/2022

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 18.

Oracle Releases January 2022 Critical Patch Update

Original release date: January 18, 2022

Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2022 Critical Patch Update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 18.

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

Original release date: January 18, 2022

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to: 

  • Reduce the likelihood of a damaging cyber intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 16.

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

Original release date: January 16, 2022

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
 
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 14.

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products  

Original release date: January 14, 2022

Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Ivanti security advisories pages for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 13.

Juniper Networks Releases Security Updates for Multiple Products

Original release date: January 13, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 13.

Citrix Releases Security Updates for Hypervisor 

Original release date: January 13, 2022

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 13.

Apple Releases Security Updates for iOS and iPadOS

Original release date: January 13, 2022

Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. 

CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 13.

Cisco Releases Security Updates for Multiple Products

Original release date: January 13, 2022

Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit this vulnerability to take control of an affected system. 

CISCA encourages users and administrators to review Cisco Security Advisory cisco-sa-ccmp-priv-esc-JzhTFLm4 and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 12.

CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater

Original release date: January 12, 2022

U.S. Cyber Command’s Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater. According to CNMF, “MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.” U.S. Cyber Command has released malware samples attributed to MuddyWater to the malware aggregation tool and repository, VirusTotal.

CISA encourages users and administrators to review U.S. Cyber Command’s press release, Iranian intel cyber suite of malware uses open source tools, as well as their VirusTotal page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 12.

Adobe Releases Security Updates for Multiple Products

Original release date: January 11, 2022

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Acrobat and Reader APSB22-01
Illustrator APSB22-02
Bridge APSB22-03
InCopy APSB22-04
InDesign APSB22-05

This product is provided subject to this Notification and this Privacy & Use policy.

2022. január 11.

Citrix Releases Security Update for Workspace App for Linux

Original release date: January 11, 2022

Citrix has released a security update to address a vulnerability in Workspace App for Linux. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX338435 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.