Malware

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software (OSS) consumers, and the OSS community, to secure OSS infrastructure. To that end, the roadmap details four key goals: Establish CISA’s role in supporting the security of OSS, Understand the prevalence of key open source dependencies, Reduce risks to the federal government,…

Read More

Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7.9 and iPadOS 15.7.9 macOS Monterey 12.6.9 macOS Big Sur 11.7.10  

Read More

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guide and apply the necessary updates.  

Read More

Today, CISA, Federal Bureau of Investigation (FBI), and U.S. Cyber Command’s Cyber National Mission Force (CNMF) published a joint Cybersecurity Advisory (CSA), Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475. This CSA provides information on an incident at an Aeronautical Sector organization, with malicious activity occurring as early as January 2023.  CISA, FBI, and CNMF confirmed that nation-state advanced persistent threat (APT) actors exploited CVE-2022-47966 to gain unauthorized access to a public-facing application (Zoho ManageEngine…

Read More

CISA has released actionable guidance for Federal Civilian Executive Branch (FCEB) agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service (DDoS) attacks against their websites and related web services. The Capacity Enhancement Guide: Volumetric DDoS Against Web Services Technical Guidance:   Helps agencies prioritize DDoS mitigations based on mission and reputational impact.  Describes DDoS mitigation services so agencies can make risk-informed tradeoff decisions on how to use available resources most effectively. …

Read More

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway—contains victim information gathered in August 2023. Since July 2023, the Joint Cyber Defense Collaborative (JCDC)…

Read More

VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0019 and apply the necessary update.

Read More

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel, a new mobile malware targeting Android devices that has capabilities to enable unauthorized access to compromised devices,…

Read More

CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing, in which threat actors pose as trustworthy persons/organizations—such as disaster-relief charities—to solicit personal information via email or malicious websites. CISA recommends exercising caution in handling emails with disaster-related subject lines, attachments, or hyperlinks. In addition, be…

Read More

VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.

Read More