US-CERT Activity

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Original release date: March 6, 2021

Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.

CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised. For additional information on the script, see Microsoft’s blog HAFNIUM targeting Exchange Servers with 0-day exploits.
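The following is an added example of the kind of log-scanning check the advisory is recommending; it is not Microsoft's Test-ProxyLogon.ps1 and is not from the original page. It looks for one indicator Microsoft published in the linked HAFNIUM blog for CVE-2021-26855: an AnchorMailbox value in the Exchange HttpProxy logs that begins with "ServerInfo~". The log text below is constructed, the simplified "#Fields:" CSV layout and the column names (DateTime, ClientIpAddress, UrlStem, AnchorMailbox) are assumptions about the real format, and the default look-back date reflects CISA's advice elsewhere on this page to investigate from at least September 1, 2020. Python is used here so the example can be run anywhere; on an Exchange host the equivalent would normally be PowerShell.

```python
"""Scan HttpProxy-style Exchange logs for the ServerInfo~ AnchorMailbox indicator.

Added example, not Microsoft's Test-ProxyLogon.ps1. Log format below is a
constructed, simplified approximation of the real CSV logs (assumption).
"""
import csv
import io
from datetime import datetime, timezone

# Constructed sample: a "#Fields:" header, two benign rows and one row
# whose AnchorMailbox carries the published indicator prefix.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Fields: DateTime,RequestId,ClientIpAddress,UrlStem,AnchorMailbox,HttpStatus
2021-03-01T10:15:02.000Z,1,10.0.0.5,/owa/,user@corp.example,200
2021-03-03T04:21:17.000Z,2,203.0.113.7,/owa/auth/x.js,ServerInfo~corp.example:444/autodiscover/autodiscover.xml,200
2021-03-03T04:22:05.000Z,3,10.0.0.9,/ecp/,other@corp.example,200
"""


def parse_httpproxy_log(text):
    """Yield one dict per data row; column names come from the #Fields: line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # comment, blank, or data before any header: skip
        row = next(csv.reader(io.StringIO(line)))
        yield dict(zip(fields, row))


def is_serverinfo_anchor(anchor):
    """The indicator: a request anchored to a server rather than a mailbox."""
    return anchor.startswith("ServerInfo~")


def find_proxylogon_hits(text, since="2020-09-01"):
    """Return matching rows at or after the ISO date `since` (UTC)."""
    cutoff = datetime.fromisoformat(since).replace(tzinfo=timezone.utc)
    hits = []
    for row in parse_httpproxy_log(text):
        ts = datetime.fromisoformat(row["DateTime"].replace("Z", "+00:00"))
        if ts < cutoff:
            continue
        if is_serverinfo_anchor(row.get("AnchorMailbox", "")):
            hits.append({
                "time": row["DateTime"],
                "client": row["ClientIpAddress"],
                "url": row["UrlStem"],
                "anchor": row["AnchorMailbox"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_proxylogon_hits(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['url']} anchor={hit['anchor']}")
```

A hit is a lead, not a verdict: the client address, the requested path and the anchor value should be pulled into the incident record and correlated with the other indicators in Microsoft's blog (web shells, process creation from the IIS worker, the OAB generator and Unified Messaging events) before a server is declared compromised. An empty result from one indicator does not clear a server.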

For more information about these vulnerabilities and how to defend against their exploitation, see:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities

Original release date: March 5, 2021

Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021.

CISA and Microsoft encourage organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately apply the updates, CISA strongly recommends applying the alternative mitigations described in Microsoft's blog on Exchange Server Vulnerabilities Mitigations in the interim; these mitigations reduce exposure but are not a substitute for the security updates.

For more information about these vulnerabilities, see:



Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities

Original release date: March 4, 2021

CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of compromise dating back to at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange Server vulnerabilities with additional detailed mitigations.

CISA encourages administrators to review the updated Alert and the Microsoft Security Update and apply the necessary updates as soon as possible, or to disconnect vulnerable Exchange servers from the internet until the necessary patch can be applied.


Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS

Original release date: March 4, 2021

The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishing, botnet, and malware campaigns by blocking resolution of known-malicious domains. Additionally, organizations can use DNS query logs for incident response and threat hunting activities, because a query for a blocked domain identifies the internal host that attempted to reach it.

CISA encourages users and administrators to consider the benefits of using a protective DNS service and review NSA and CISA’s CSI sheet on Selecting a Protective DNS Service for more information.
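The hunting use of DNS query logs mentioned above, as an added example that is not part of the CSI sheet or the original page: the same domain matching a protective DNS resolver applies at resolution time is run offline over exported query logs, so that earlier lookups of blocked domains, and the clients that made them, can be found. The blocklist and the log lines are constructed for the example, and the log layout (timestamp, client, query name, query type) is an assumption; real resolver exports differ.

```python
"""Hunt a DNS query log for lookups of known-malicious domains.

Added example, not from NSA/CISA. Blocklist and log are constructed.
"""

# Constructed blocklist: what a protective DNS feed would supply.
BLOCKLIST = {"malware-c2.example", "phish-login.example"}

# Constructed query log (assumed layout): timestamp client qname qtype.
SAMPLE_QUERY_LOG = """\
2021-03-04T09:00:01Z 10.1.2.3 www.corp.example A
2021-03-04T09:00:05Z 10.1.2.3 update.malware-c2.example A
2021-03-04T09:00:09Z 10.1.2.8 phish-login.example A
2021-03-04T09:00:12Z 10.1.2.8 malware-c2.example.corp.example A
2021-03-04T09:00:20Z 10.1.2.9 MALWARE-C2.EXAMPLE. TXT
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()


def blocked_parent(qname, blocklist):
    """Return the blocklist entry covering qname (exact or any parent label
    suffix), else None. Matching walks label boundaries, so a blocked name
    embedded in the middle of a longer name (evil.example.corp.example)
    does not match: only the name itself or its subdomains are blocked."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def hunt(log_text, blocklist=BLOCKLIST):
    """Return one record per query whose name is covered by the blocklist."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        match = blocked_parent(qname, blocklist)
        if match:
            hits.append({"time": ts, "client": client, "qtype": qtype,
                         "qname": normalize(qname), "matched": match})
    return hits


def clients_to_triage(hits):
    """Group hits by client so responders get one work item per host."""
    by_client = {}
    for h in hits:
        by_client.setdefault(h["client"], set()).add(h["matched"])
    return by_client


if __name__ == "__main__":
    for client, domains in clients_to_triage(hunt(SAMPLE_QUERY_LOG)).items():
        print(client, sorted(domains))
```

The suffix walk is the part worth getting right: matching by substring would flag the benign fourth line, and matching only exact names would miss the subdomain in the second. In a resolver that logs the client's source address behind NAT or a forwarding resolver, the "client" column identifies the forwarder rather than the endpoint, so the log nearest the endpoint is the one to hunt in.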


Cisco Releases Security Updates

Original release date: March 4, 2021

Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-snort-ethernet-dos-HGXgJH8n and apply the necessary updates.


VMware Releases Security Update

Original release date: March 4, 2021

VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update.  


CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities

Original release date: March 3, 2021

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

CISA strongly recommends organizations examine their systems to detect any malicious activity detailed in Alert AA21-062A. Review the following resources for more information:


Google Releases Security Updates for Chrome

Original release date: March 3, 2021

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. 


Microsoft Releases Out-of-Band Security Updates for Exchange Server

Original release date: March 2, 2021

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

CISA encourages users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.


Apache Releases Security Advisory for Tomcat

Original release date: March 2, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Apache Tomcat 9.0. An attacker could exploit this vulnerability to access sensitive information.

CISA encourages users and administrators to review the Apache security advisory for CVE-2021-25122 and upgrade to the appropriate version.


NSA Releases Guidance on Zero Trust Security Model

Original release date: February 26, 2021

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred.

CISA encourages administrators and organizations to review NSA's guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.


Cisco Releases Security Updates 

Original release date: February 25, 2021

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.


Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox

Original release date: February 24, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.


VMware Releases Multiple Security Updates

Original release date: February 24, 2021

VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates.


CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance

Original release date: February 24, 2021

The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in the Accellion File Transfer Appliance to attack multiple federal and state, local, tribal, and territorial government organizations, as well as private industry organizations in the medical, legal, telecommunications, finance, and energy fields. In some instances, the attackers extorted money from victim organizations to prevent public release of information exfiltrated from a compromised Accellion appliance.

CISA encourages users and administrators to review AA21-055A: Exploitation of Accellion File Transfer Appliance and MAR-10325064-1.v1 – Accellion FTA for more information.


SonicWall Releases Additional Patches

Original release date: February 23, 2021

SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system.

CISA encourages users and administrators to review the updated SonicWall alert and apply the necessary patches as soon as possible.
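Several items on this page give a fixed version and describe everything earlier as affected: Chrome 89.0.4389.72 above, and here SMA 10 firmware prior to 10.2.0.5-29sv. The following added example (not vendor tooling, and not from the original page) turns those statements into an inventory check that handles both version shapes: a plain dotted version and a dotted version with a numeric build suffix such as "-29sv". The inventory list is constructed; treating a suffix-less version as build 0 and comparing only numerically, ignoring release branches, are assumptions made for the example.

```python
"""Flag inventory entries older than the fixed version named in an advisory.

Added example, not vendor tooling. Fixed versions are taken from the
advisories; the inventory below is constructed.
"""
import re

# Fixed versions as stated in the advisories on this page.
FIXED = {
    "chrome": "89.0.4389.72",
    "sonicwall-sma10": "10.2.0.5-29sv",
}

# Dotted numeric version with an optional "-<build><letters>" suffix.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+)[A-Za-z]*)?$")


def parse_version(s):
    """Return (dotted_parts, build). A missing suffix counts as build 0 (assumption)."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return parts, build


def _pad(parts, n):
    """Right-pad with zeros so 10.2 compares equal to 10.2.0.0, not shorter."""
    return parts + (0,) * (n - len(parts))


def is_older(installed, fixed):
    """True when `installed` sorts strictly before `fixed`."""
    a, a_build = parse_version(installed)
    b, b_build = parse_version(fixed)
    n = max(len(a), len(b))
    return (_pad(a, n), a_build) < (_pad(b, n), b_build)


# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("web01", "chrome", "88.0.4324.182"),
    ("web02", "chrome", "89.0.4389.72"),
    ("vpn01", "sonicwall-sma10", "10.2.0.5-24sv"),
    ("vpn02", "sonicwall-sma10", "10.2.0.5-29sv"),
    ("vpn03", "sonicwall-sma10", "10.2.0.2-20sv"),
]


def vulnerable_hosts(inventory, fixed=FIXED):
    """Hosts whose installed version is older than the advisory's fixed version."""
    return [host for host, product, ver in inventory
            if is_older(ver, fixed[product])]


if __name__ == "__main__":
    for host in vulnerable_hosts(INVENTORY):
        print("needs update:", host)
```

The caveat a practitioner should carry along: ordinal comparison answers "is this older than the fixed build" and nothing more. Vendors sometimes ship fixes to several branches, so a version from a different branch can sort above the fixed one and still be unpatched; the advisory's own affected-version table, not the comparison, decides that case.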

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.