US-CERT Activity

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

17 hours 59 minutes ago
Original release date: January 19, 2022

Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Adds 13 Known Exploited Vulnerabilities to Catalog

1 day 16 hours ago
Original release date: January 18, 2022

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js Command Injection Vulnerability 2/1/2022 CVE-2021-21975 Server Side Request Forgery in vRealize Operations Manager API Vulnerability 2/1/2022 CVE-2021-22991 BIG-IP Traffic Microkernel Buffer Overflow Vulnerability 2/1/2022 CVE-2021-25296 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-25297 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-25298 Nagios XI OS Command Injection Vulnerability 2/1/2022 CVE-2021-33766 Microsoft Exchange Server Information Disclosure Vulnerability 2/1/2022 CVE-2021-40870 Aviatrix Controller Unrestricted Upload of File Vulnerability 2/1/2022 CVE-2020-11978 Apache Airflow Command Injection Vulnerability 7/18/2022 CVE-2020-13671 Drupal Core Unrestricted Upload of File Vulnerability 7/18/2022 CVE-2020-13927 Apache Airflow Experimental API Authentication Bypass Vulnerability 7/18/2022 CVE-2020-14864 Oracle Corporate Business Intelligence Enterprise Edition Path Traversal Vulnerability 7/18/2022

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Oracle Releases January 2022 Critical Patch Update

1 day 20 hours ago
Original release date: January 18, 2022

Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2022 Critical Patch Update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

1 day 20 hours ago
Original release date: January 18, 2022

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to: 

  • Reduce the likelihood of a damaging cyber intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations

3 days 20 hours ago
Original release date: January 16, 2022 | Last revised: January 19, 2022

Microsoft has released a blog post on possible Master Boot Record (MBR) Wiper activity targeting Ukrainian organizations, including Ukrainian government agencies. According to Microsoft, powering down the victim device executes the malware, which overwrites the MBR with a ransom note; however, the ransom note is a ruse because the malware actually destroys the MBR and the targeted files.
 
CISA recommends network defenders review the Microsoft blog for tactics, techniques, and procedures, as well as indicators of compromise related to this activity. CISA additionally recommends network defenders review recent Cybersecurity Advisories and the CISA Insights, Preparing For and Mitigating Potential Cyber Threats.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Ivanti Updates Log4j Advisory with Security Updates for Multiple Products  

5 days 19 hours ago
Original release date: January 14, 2022

Ivanti has updated its Log4j Advisory with security updates for multiple products to address CVE-2021-44228. An unauthenticated attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Ivanti security advisories pages for Avalanche; File Director; and MobileIron Core, MobileIron Sentry (Core/Cloud), and MobileIron Core Connector and apply the necessary updates and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Juniper Networks Releases Security Updates for Multiple Products

6 days 18 hours ago
Original release date: January 13, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Citrix Releases Security Updates for Hypervisor 

6 days 18 hours ago
Original release date: January 13, 2022

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apple Releases Security Updates for iOS and iPadOS

6 days 18 hours ago
Original release date: January 13, 2022

Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. 

CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

6 days 18 hours ago
Original release date: January 13, 2022

Cisco has released security updates to address a vulnerability affecting Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). A remote attacker could exploit this vulnerability to take control of an affected system. 

CISCA encourages users and administrators to review Cisco Security Advisory cisco-sa-ccmp-priv-esc-JzhTFLm4 and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater

1 week ago
Original release date: January 12, 2022

U.S. Cyber Command’s Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater. According to CNMF, “MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.” U.S. Cyber Command has released malware samples attributed to MuddyWater to the malware aggregation tool and repository, VirusTotal.

CISA encourages users and administrators to review U.S. Cyber Command’s press release, Iranian intel cyber suite of malware uses open source tools, as well as their VirusTotal page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Multiple Products

1 week 1 day ago
Original release date: January 11, 2022

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Acrobat and Reader APSB22-01
Illustrator APSB22-02
Bridge APSB22-03
InCopy APSB22-04
InDesign APSB22-05

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Citrix Releases Security Update for Workspace App for Linux

1 week 1 day ago
Original release date: January 11, 2022

Citrix has released a security update to address a vulnerability in Workspace App for Linux. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX338435 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

SAP Releases January 2022 Security Updates

1 week 1 day ago
Original release date: January 11, 2022

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for January 2022 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases January 2022 Security Updates

1 week 1 day ago
Original release date: January 11, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s January 2022 Security Update 
Summary
 and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

1 week 1 day ago
Original release date: January 11, 2022

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Mozilla security advisories for [Firefox 96], [Firefox ESR 91.5], and [Thunderbird 91.5] and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Samba Releases Security Update

1 week 1 day ago
Original release date: January 11, 2022

The Samba Team has released a security update to address a vulnerability in multiple versions of Samba. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Samba Security Announcement CVE-2021-43566 and apply the necessary update. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA, FBI, and NSA Release Cybersecurity Advisory on Russian Cyber Threats to U.S. Critical Infrastructure

1 week 1 day ago
Original release date: January 11, 2022

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that provides an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA are releasing the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.  

CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA's Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Adds 15 Known Exploited Vulnerabilities to Catalog

1 week 2 days ago
Original release date: January 10, 2022

CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title

Remediation
Due Date

CVE-2021-22017 VMware vCenter Server Improper Access Control Vulnerability 1/24/2022 CVE-2021-36260   Hikvision Improper Input Validation Vulnerability 1/24/2022 CVE-2021-27860 FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability 1/24/2022 CVE-2020-6572 Google Chrome prior to 81.0.4044.92 Use-After-Free Vulnerability 7/10/2022 CVE-2019-1458 Microsoft Win32K Elevation of Privilege Vulnerability 7/10/2022 CVE-2013-3900 Microsoft WinVerify Trust Function Remote Code Execution Vulnerability 7/10/2022 CVE-2019-2725 Oracle WebLogic Server, Injection Vulnerability 7/10/2022 CVE-2019-9670 Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability 7/10/2022 CVE-2018-13382 Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability 7/10/2022 CVE-2018-13383 Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability 7/10/2022 CVE-2019-1579 Palo Alto Networks PAN-OS Remote Code Execution Vulnerability     7/10/2022 CVE-2019-10149 Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability 7/10/2022 CVE-2015-7450     IBM WebSphere Application Server and Server Hy Server Hypervisor Edition Remote Code Execution Vulnerability 7/10/2022 CVE-2017-1000486 Primetek Primefaces Application Remote Code Execution Vulnerability 7/10/2022 CVE-2019-7609 Elastic Kibana Remote Code Execution Vulnerability 7/10/2022

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
43 minutes 20 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to US-CERT Activity feed