US-CERT Activity

ACSC Releases Annual Cyber Threat Report

Original release date: September 16, 2021

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.  
 
The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities, and the compromise of business email as last year’s most significant threats.
 
CISA encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2020 to June 2021 and CISA’s Stop Ransomware webpage for more information. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

FBI-CISA-CGCYBER Advisory on APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

Original release date: September 16, 2021

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.


Microsoft Releases Security Update for Azure Linux Open Management Infrastructure

Original release date: September 16, 2021 | Last revised: September 17, 2021

(Updated, September 17)

On September 16, 2021, Microsoft released additional guidance on Open Management Infrastructure (OMI) vulnerabilities—CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647—which impact Azure VM Management Extensions. According to Microsoft, “[c]ustomers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available…”

CISA encourages organizations to review Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information and to:

  • ensure automatic updates are applied 
  • ensure manual updates are applied, as patches are made available
  • restrict external access to Linux systems that expose OMI ports (TCP 5985, 5986, and 1270)

(Original, September 16)

Microsoft has released an update to address a remote code execution vulnerability—CVE-2021-38647—in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update.


Drupal Releases Multiple Security Updates

Original release date: September 16, 2021

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.


Adobe Releases Security Updates for Multiple Products

Original release date: September 14, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.


Citrix Releases Security Update for ShareFile Storage Zones Controller

Original release date: September 14, 2021

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. A remote attacker can exploit this vulnerability to take control of an affected system.

CISA recommends users and administrators review Citrix Security Bulletin CTX328123 and apply the necessary update.


SAP Releases September 2021 Security Updates 

Original release date: September 14, 2021

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the necessary updates.


Microsoft Releases September 2021 Security Updates

Original release date: September 14, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.


Google Releases Security Updates for Chrome

Original release date: September 14, 2021

Google has released Chrome version 93.0.4577.82 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


CERT NZ Releases Ransomware Protection Guide for Businesses

Original release date: September 14, 2021

The New Zealand Computer Emergency Response Team (CERT NZ) has released a guide on ransomware protection for businesses. The guide includes a pair of helpful diagrams that outline different ransomware attack pathways and illustrate where relevant security controls can work to protect or stop an attack.  

CISA encourages users, administrators, and business leaders to review the CERT NZ guide, Protecting from ransomware, for more information as well as recommended prevention and mitigation measures.  

For additional resources related to the prevention and mitigation of ransomware, see https://www.stopransomware.gov as well as the CISA-MS-ISAC Joint Ransomware Guide.

Stopransomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.


Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860

Original release date: September 13, 2021

Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild.

CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates.


CISA's Annual National Cybersecurity Summit

Original release date: September 13, 2021

CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation:

  • Oct. 6 - Assembly Required: The Pieces of the Vulnerability Management Ecosystem 
  • Oct. 13 - Collaborating for the Collective Defense 
  • Oct. 20 - Team Awesome: The Cyber Workforce 
  • Oct. 27 - The Cyber/Physical Convergence

Register for this free summit and read more about the presentations at CISA.gov/cybersummit2021.


Citrix Releases Security Updates for Hypervisor

Original release date: September 9, 2021

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX325319 and apply the necessary updates.


Cisco Releases Security Updates for Multiple Products

Original release date: September 9, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:


Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: September 8, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 92, Firefox ESR 78.14, and Thunderbird 78.14.


Zoho Releases Security Update for ADSelfService Plus

Original release date: September 7, 2021 | Last revised: September 8, 2021

Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations to ensure ADSelfService Plus is not directly accessible from the internet.

CISA encourages users and administrators to review the Zoho advisory for more information and to update to ADSelfService Plus build 6114.


Microsoft Releases Mitigations and Workarounds for CVE-2021-40444

Original release date: September 7, 2021

Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. 

CISA encourages users and administrators to review Microsoft’s advisory and to implement the mitigations and workarounds.

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.