Attacks

DoS and DDoS Attacks against Multiple Sectors

CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible. If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance. Contact your network administrator to confirm whether the service…


2023 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two calendar years. These weaknesses lead to serious vulnerabilities in software. An attacker can often…


CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems (ICS) advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

- ICSA-23-180-01 Delta Electronics InfraSuite Device Master
- ICSA-23-180-02 Schneider Electric EcoStruxure
- ICSA-23-180-03 Ovarro TBox RTUs
- ICSA-23-180-04 Mitsubishi Electric MELSEC-F Series
- ICSMA-23-180-01 Medtronic Paceart Optima System
- ICSA-19-120-01 Rockwell Automation CompactLogix 5370 (Update A)
- ICSA-20-245-01 Mitsubishi Electric Multiple Products (Update F)
- ICSA-22-333-05 Mitsubishi Electric FA Engineering Software (Update B)
- ICSA-23-171-02 Enphase Installer…


CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2019-17621 D-Link DIR-859 Router Command Execution Vulnerability
- CVE-2019-20500 D-Link DWL-2600AP Access Point Command Injection Vulnerability
- CVE-2021-25487 Samsung Mobile Devices Out-of-Bounds Read Vulnerability
- CVE-2021-25489 Samsung Mobile Devices Improper Input Validation Vulnerability
- CVE-2021-25394 Samsung Mobile Devices Race Condition Vulnerability
- CVE-2021-25395 Samsung Mobile Devices Race Condition Vulnerability
- CVE-2021-25371 Samsung Mobile Devices Unspecified Vulnerability
- CVE-2021-25372 Samsung Mobile Devices Improper Boundary Check Vulnerability

These types of vulnerabilities are frequent attack…


CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI) to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors (MCAs). Recognizing the various types of security threats that could affect CI/CD operations and taking steps to defend against each one is critical in securing a CI/CD environment. Organizations will find in this guide a list of…


CISA Releases SCuBA TRA and eVRF Guidance Documents

CISA has released several documents as part of the Secure Cloud Business Applications (SCuBA) project:

- The Technical Reference Architecture (TRA) document, previously released for public comment on April 19, 2022, is the final version of a security guide that agencies can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust frameworks.
- The extensible Visibility Reference Framework (eVRF) guidebook provides an overview of the eVRF framework, which enables organizations to identify visibility…


Blizzard Entertainment hit by DDoS attack

Video game company Blizzard Entertainment has been the victim of a distributed denial-of-service (DDoS) cyber attack. The DDoS attack was launched against the company on June 25 and caused a number of games that Blizzard hosts to go offline, including Diablo 4 and World of Warcraft. The disruption was noted by players across Blizzard’s titles, with some taking to Blizzard’s forums to post about the cyber attack. One user, who uses the screen name ‘Gibs’, made…


CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability
- CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability
- CVE-2023-32439 Apple iOS, iPadOS, and macOS WebKit Type Confusion Vulnerability
- CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
- CVE-2023-27992 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view…


IOTW: A full timeline of the MOVEit cyber attack

Ransomware gang Clop, which has taken responsibility for the cyber attack launched against document transfer service MOVEit, has announced that it has not stolen data from companies thought to be impacted by data breaches linked to the attack. These companies include the UK’s British Broadcasting Company (BBC), British Airways and high street health and beauty retailer Boots. Since June 14, Clop has been posting company profiles of companies allegedly impacted by data breaches caused by…
