Insights

CISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-228-01 Siemens SCALANCE M-800, RUGGEDCOM RM1224 ICSA-24-228-02 Siemens INTRALOG WMS ICSA-24-228-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-228-04 Siemens SINEC Traffic Analyzer ICSA-24-228-05 Siemens LOGO! V8.3 BM Devices ICSA-24-228-06 Siemens SINEC NMS ICSA-24-228-07 Siemens Location Intelligence ICSA-24-228-08 Siemens COMOS ICSA-24-228-09 Siemens NX ICSA-24-228-10 AVEVA Historian Web Server ICSA-24-228-11 PTC Kepware…

Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM).  A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface and follow industry best practices by adhering to Ivanti’s network configuration guidance to restrict access to the management interface.  CISA encourages users and administrators to review the following Ivanti advisories and…

CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-226-01 AVEVA SuiteLink Server ICSA-24-226-02 Rockwell Automation AADvance Standalone OPC-DA Server ICSA-24-226-03 Rockwell Automation GuardLogix/ControlLogix 5580 Controller  ICSA-24-226-04 Rockwell Automation Pavilion8 ICSA-24-226-05 Rockwell Automation DataMosaix Private Cloud ICSA-24-226-06 Rockwell Automation FactoryTalk View Site Edition ICSA-24-226-07 Rockwell Automation Micro850/870 ICSA-24-226-08 Ocean Data Systems Dream Report ICSA-24-226-09 Rockwell Automation ControlLogix, GuardLogix…

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for August

In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance.  CISA also continues to see weak password types used on Cisco network devices. A Cisco password type is the type of algorithm used…

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these TTPs and IOCs as recently as July 2024. BlackSuit ransomware attacks have spread across numerous critical infrastructure sectors including, but…