Malware

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns. A “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table on StopRansomware.gov that identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG) action for each misconfiguration…

Read More

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA), #StopRansomware: AvosLocker Ransomware (Update) to disseminate known indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and detection methods associated with the AvosLocker variant identified through FBI investigations as recently as May 2023. This release updates the March 17, 2022 joint CSA, Indicators of Compromise Associated with AvosLocker ransomware, released by FBI, CISA, and the…

Read More

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary updates: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967  Citrix Hypervisor Multiple Security Updates

Read More

Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023. CISA recommends organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For more information on Rapid Reset, see: Cloudflare: HTTP/2 Rapid Reset: deconstructing the record-breaking attack Google: How it works: The novel…

Read More

Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS). In alignment with CISA’s recently released Open Source Security Roadmap, the guidance provides recommendations to OT/ICS organizations on: Supporting OSS development and maintenance, Managing and patching vulnerabilities in OT/ICS environments, and Using the Cross-Sector Cybersecurity Performance Goals…

Read More

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2023 Security Update Guide and apply the necessary updates.  

Read More

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 and iPadOS 17.0.3.

Read More

Atlassian released a security advisory to address a vulnerability affecting Confluence Data Center and Confluence Server. A remote cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: CVE-2023-22515 – Privilege Escalation Vulnerability in Confluence Data Center and Server.

Read More

Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. The misconfigurations in the CSA illustrate a trend of systemic weaknesses in many large organizations, including those with mature cyber…

Read More

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-42793 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort…

Read More