Malware

DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites, services, and applications relying on these certificates for secure communication. DigiCert has notified affected customers and provided instructions on how to replace non-compliant certificates. CISA urges DigiCert customers to check their DigiCert account to view any non-compliant certificates and…

Read More

Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released a joint Cybersecurity Advisory, North Korea State-Sponsored Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs. The advisory was coauthored with the following organizations: U.S. Cyber National Mission Force (CNMF); U.S. Department of Defense Cyber Crime Center (DC3); U.S. National Security Agency (NSA); Republic of Korea’s National Intelligence Service (NIS); Republic of Korea’s National Police Agency (NPA); and United Kingdom’s National Cyber…

Read More

Note: CISA will update this Alert with more information as it becomes available. Update 7:30 p.m., EDT, July 19, 2024:  The CrowdStrike guidance is updated with additional guidance regarding impacts to specific environments, e.g., Azure, AWS.  For additional information: Update from the United Kingdom’s National Cyber Security Centre (NCSC-UK) Update from the Australian Cyber Security Centre (ACSC) Update from the Canadian Centre for Cyber Security (CCCS) Threat actors continue to use the widespread IT outage for phishing…

Read More

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Security Advisory EPM Security Advisory Ivanti Endpoint Manager for Mobile (EPMM)

Read More

Oracle released its quarterly Critical Patch Update Advisory for July 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  July 2024 Critical Patch Update Advisory

Read More

On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers.     CISA encourages customers to review the following AT&T article for additional information and follow necessary guidance to help protect personal information.    AT&T: Unlawful access of customer data

Read More

Today, CISA released CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth in coordination with the assessed organization. This Cybersecurity Advisory (CSA) details key findings and lessons learned from a 2023 assessment, along with the red team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. The CSA also provides recommendations to assist executives, leaders, and network defenders in all organizations with refining their cybersecurity, detection, response,…

Read More

CISA released twenty-one Industrial Control Systems (ICS) advisories on July 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-193-01 Siemens Remote Connect Server ICSA-24-193-02 Siemens RUGGEDCOM APE 1808 ICSA-24-193-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-193-04 Siemens Simcenter Femap ICSA-24-193-05 Siemens SCALANCE, RUGGEDCOM, SIPLUS, and SINEC ICSA-24-193-06 Siemens RUGGEDCOM ICSA-24-193-07 Siemens SIMATIC and SIMIT ICSA-24-193-08 Siemens Mendix Encryption Module ICSA-24-193-09 Siemens SINEMA Remote Connect Server ICSA-24-193-10 Siemens JT…

Read More

Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887) to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network edge devices. OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a…

Read More

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply necessary updates:     Microsoft Security Update Guide for July

Read More