Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments.  In June 2023, a Federal Civilian Executive Branch (FCEB) agency observed unexpected events in Microsoft 365 (M365) audit logs. After reporting the incident to Microsoft, network defenders deemed the…

Read More

Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26 and apply the necessary update.

Read More

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guide and Deployment Information and apply the necessary updates.

Read More

Adobe has released security updates to address vulnerabilities affecting ColdFusion and InDesign. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security releases APSB23-38 and APSB23-40 and apply the necessary updates.

Read More

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability CVE-2023-35311 Microsoft Outlook Security Feature Bypass Vulnerability CVE-2023-36874 Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability CVE-2022-31199 Netwrix Auditor Insecure Object Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To…

Read More

Fortinet has released a security update to address a critical vulnerability (CVE-2023-33308) affecting FortiOS and FortiProxy. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet security release FG-IR-23-183 and apply the necessary updates.

Read More

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-29256 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational Directive (BOD)…

Read More

Progress Software has released a Service Pack to address three newly disclosed vulnerabilities (CVE-2023-36934, CVE-2023-36932, CVE-2023-36933) in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information.  CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements.

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors…

Read More

Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates: Security Vulnerabilities fixed in Firefox 115 Mozilla Foundation Security Advisory 2023-24 Security Vulnerabilities fixed in Firefox ESR 102.13 Mozilla Foundation Security Advisory 2023-23 Security Vulnerabilities fixed in Thunderbird 102.13…

Read More