Malware

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet. CISA strongly encourages users…

Read More

CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging its unique ability to bring together public and private sector partners, JCDC facilitated virtual engagements with over 1,000 federal agency…

Read More

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review the following advisory and apply the necessary updates:   Cisco Event Response: October 2024 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication

Read More

Today, CISA—along with U.S. and international partners—released joint guidance, Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers. This guide aids software manufacturers in establishing secure software deployment processes to help ensure software is reliable and safe for customers. Additionally, it offers guidance on how to deploy in an efficient manner as part of the software development lifecycle (SDLC). A well-designed software deployment process can help guarantee customers receive new features, security, and reliability…

Read More

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Oracle Critical Patch Update Advisory – October 2024

Read More

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors. Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain…

Read More

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure or national critical functions.  The bad practices presented in this guidance are organized into three categories: product properties, security features,…

Read More

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. This resource serves as the detailed foundation of SBOM, defining SBOM concepts and related terms and offering an updated baseline of how software components are to be represented. This…

Read More

CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to enumerate other non-internet facing devices on the network. F5 BIG-IP is a suite of hardware and software solutions designed to manage and secure network traffic. A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network.…

Read More

As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. Before responding, ensure hurricane-related guidance is from trusted sources, such as…

Read More