Malware

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software ecosystems, this framework lays out voluntary security maturity levels for package repositories. This publication supports Objective 1.2 of CISA’s Open Source Software Security Roadmap, which states the goal of “working collaboratively [with relevant working groups] to develop security principles…

Read More

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory VMSA-2024-0002 and apply the necessary updates.

Read More

Today, CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques. The following federal agencies and international organizations are additional co-authors on the joint advisory and guidance: U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) Australian…

Read More

Juniper Networks released a security bulletin to address multiple vulnerabilities affecting Juniper Secure Analytics optional applications. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Security Bulletin JSA76718 and apply the necessary updates.

Read More

Moby and the Open Container Initiative (OCI) have released updates for multiple vulnerabilities (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653, CVE-2024-21626) affecting Docker-related components, including Moby BuildKit and OCI runc. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the advisories from Moby BuildKit (CVE-2024-23651, CVE-2024-23652, CVE-2024-23653) and OCI runc (CVE-2024-21626), as well as the Snyk blog post about these vulnerabilities and apply the necessary updates.

Read More

Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating security into product design and development. This third publication in CISA’s SbD Alert series examines how manufacturers can eliminate the path threat actors—particularly the People’s Republic of China…

Read More

CISA is releasing this alert to provide cyber defenders with new mitigations to defend against threat actors exploiting Ivanti Connect Secure and Policy Secure Gateways vulnerabilities in Ivanti devices (CVE-2023-46805 and CVE-2024-21887).   Threat actors are continuing to leverage vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways to capture credentials and/or drop webshells that enable further compromise of enterprise networks. Some threat actors have recently developed workarounds to current mitigations and detection methods and…

Read More

Juniper Networks released a security bulletin to address multiple vulnerabilities for J-Web in Junos OS SRX Series and EX Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Bulletin JSA76390 and apply the necessary updates.

Read More

Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. Specifically, software producers often need to assemble and test products together before releasing them to customers. These products may contain components that experience version changes over time,…

Read More

Cisco released a security advisory to address a vulnerability (CVE-2024-20253) affecting multiple Unified Communications Products. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unified Communications Products Remote Code Execution Vulnerability advisory and apply the necessary updates.

Read More