Attacks

CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-226-01 AVEVA SuiteLink Server ICSA-24-226-02 Rockwell Automation AADvance Standalone OPC-DA Server ICSA-24-226-03 Rockwell Automation GuardLogix/ControlLogix 5580 Controller  ICSA-24-226-04 Rockwell Automation Pavilion8 ICSA-24-226-05 Rockwell Automation DataMosaix Private Cloud ICSA-24-226-06 Rockwell Automation FactoryTalk View Site Edition ICSA-24-226-07 Rockwell Automation Micro850/870 ICSA-24-226-08 Ocean Data Systems Dream Report ICSA-24-226-09 Rockwell Automation ControlLogix, GuardLogix…

Read More

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for August

Read More

In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.  CISA also continues to see weak password types used on Cisco network devices. A Cisco password type is the type of algorithm used…

Read More

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these TTPs and IOCs as recently as July 2024. BlackSuit ransomware attacks have spread across numerous critical infrastructure sectors including, but…

Read More

Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the start. An organization’s acquisition staff often has a general understanding of the core cybersecurity requirements for a particular technology acquisition. However, they frequently don’t assess whether a given supplier has practices and policies…

Read More

DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication. DigiCert has notified affected customers and provided instructions on how to replace non-compliant certificates. CISA urges DigiCert customers to check their DigiCert account to view any non-compliant certificates and…

Read More

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organizations: U.S. Cyber National Mission Force (CNMF); U.S. Department of Defense Cyber Crime Center (DC3); U.S. National Security Agency (NSA); Republic of Korea’s National Intelligence Service (NIS); Republic of Korea’s National Police Agency (NPA); and United Kingdom’s National Cyber…

Read More

Note: CISA will update this Alert with more information as it becomes available. Update 7:30 p.m., EDT, July 19, 2024:  The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.  For additional information: Update from the United Kingdom’s National Cyber Security Centre (NCSC-UK) Update from the Australian Cyber Security Centre (ACSC) Update from the Canadian Centre for Cyber Security (CCCS) Threat actors continue to use the widespread IT outage for phishing…

Read More

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Security Advisory EPM Security Advisory Ivanti Endpoint Manager for Mobile (EPMM)

Read More

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  July 2024 Critical Patch Update Advisory

Read More