Malware

Cisco released a security advisory to address a vulnerability (CVE-2024-20272) in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability advisory and apply the necessary updates.

Read More

Ivanti has released a security update to address an authentication bypass vulnerability (CVE-2023-46805) and a command injection vulnerability (CVE-2024-21887) in all supported versions (9.x and 22.x) of Connect Secure and Policy Secure gateways. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.   Ivanti reports active exploitation of both CVE-2023-46805 and CVE-2024-21887.   CISA urges users and administrators to immediately apply the current workaround in Ivanti’s security update and…

Read More

CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 (M365) cloud services. This guidance release is accompanied by the updated SCuBAGear tool that assesses organizations’ M365 cloud services per CISA’s recommended baselines. Today’s release incorporates stakeholder input from last year’s public comment period and pilot effort with federal agencies. Changes to the draft Microsoft 365 Secure Configuration Baselines were integrated with the SCuBAGear…

Read More

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as Dec. 6, 2023. The advisory also provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022. ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations.…

Read More

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023. Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range…

Read More

Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and Public Health (HPH) Sector organization. CISA encourages all critical infrastructure organizations as well as software manufacturers to review the advisory and apply recommendations. The recommendations detail how organizations can harden networks to improve cyber resilience and reduce the likelihood of domain…

Read More

Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of the joint guidance, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software: Take ownership of customer security outcomes. Build organizational structure and…

Read More

FortiGuard has released security updates to address vulnerabilities in multiple FortiGuard products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-23-196: Double free in cache management FG-IR-22-038: FortiMail, FortiNDR, FortiRecorder, FortiSwitch, FortiVoice – Cross-site scripting forgery (CSRF) in HTTPd CLI console FG-IR-23-138: FortiOS, FortiProxy – Format String Bug in HTTPSd

Read More

CISA released seventeen Industrial Control Systems (ICS) advisories on December 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-348-01 Cambium ePMP 5GHz Force 300-25 Radio  ICSA-23-348-02 Johnson Controls Kantech Gen1 ioSmart ICSA-23-348-03 Siemens User Management Component (UMC) ICSA-23-348-04 Siemens LOGO! and SIPLUS LOGO! ICSA-23-348-05 Siemens SIMATIC and SIPLUS Products ICSA-23-348-06 Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC ICSA-23-348-07 Siemens SIMATIC STEP 7 (TIA Portal)…

Read More

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released a joint Cybersecurity Advisory (CSA), Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally. Since September 2023, Russian Foreign Intelligence Service (SVR)-affiliated cyber actors (also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard) have been targeting servers hosting JetBrains…

Read More