US-CERT Activity

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.  
 
The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities, and the compromise of business email  as last year’s most significant threats.   
 
CISA encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2020 to June 2021 and CISA’s Stop Ransomware webpage for more information. 

This product is provided subject to this Notification and this Privacy & Use policy.

The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have released a Joint Cybersecurity Advisory (CSA) detailing the active exploitation of an authentication bypass vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus—a self-service password management and single sign-on solution. The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability. The exploitation of this vulnerability poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.

CISA strongly encourages users and administrators to review Joint FBI-CISA-CGCYBER CSA: APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus and immediately implement the recommended mitigations, which include updating to ManageEngine ADSelfService Plus build 6114.

This product is provided subject to this Notification and this Privacy & Use policy.

(Updated, September 17)

On September 16, 2021, Microsoft released additional guidance on Open Management Infrastructure (OMI) vulnerabilities—CVE-2021-38645, CVE-2021-38649, CVE-2021-38648, and CVE-2021-38647—which impact Azure VM Management Extensions. According to Microsoft, “[c]ustomers must update vulnerable extensions for their Cloud and On-Premises deployments as the updates become available…”

CISA encourages organizations to review Additional Guidance Regarding OMI Vulnerabilities within Azure VM Management Extensions for more information and to:

• ensure automatic updates are applied 
• ensure manual updates are applied, as patches are made available
• restrict external access to Linux systems that expose OMI ports (TCP 5985, 5986, and 1270)

(Original, September 16)

Microsoft has released an update to address a remote code execution vulnerability—CVE-2021-38647—in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Microsoft Security Advisory to apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

• SA-CORE-2021-006
• SA-CORE-2021-007
• SA-CORE-2021-008
• SA-CORE-2021-009
• SA-CORE-2021-010

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. A remote attacker can exploit this vulnerability to take control of an affected system.

CISA recommends users and administrators review Citrix Security Bulletin CTX328123 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review Microsoft’s September 2021 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Google has released Chrome version 93.0.4577.82 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

The New Zealand Computer Emergency Response Team (CERT NZ) has released a guide on ransomware protection for businesses. The guide includes a pair of helpful diagrams that outline different ransomware attack pathways and illustrate where relevant security controls can work to protect or stop an attack.  

CISA encourages users, administrators, and business leaders to review the CERT NZ guide, Protecting from ransomware, for more information as well as recommended prevention and mitigation measures.  

For additional resources related to the prevention and mitigation of ransomware, see https://www.stopransomware.gov as well as the CISA-MS-ISAC Joint Ransomware Guide.

Stopransomware.gov is the U.S. Government’s official one-stop location for resources to tackle ransomware more effectively.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products.  An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild.

CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates.

• macOS Big Sur 11.6
• macOS Catalina
• watchOS 7.6.2
• iOS 14.8 and iPadOS 14.8
• Safari 14.1.2
   

This product is provided subject to this Notification and this Privacy & Use policy.

CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation:

• Oct. 6 - Assembly Required: The Pieces of the Vulnerability Management Ecosystem 
• Oct. 13 - Collaborating for the Collective Defense 
• Oct. 20 - Team Awesome: The Cyber Workforce 
• Oct. 27 - The Cyber/Physical Convergence

Register for this free summit and read more about the presentations at CISA.gov/cybersummit2021.

This product is provided subject to this Notification and this Privacy & Use policy.

WordPress 5.4-5.8 are affected by multiple vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected website.

CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.8.1.

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Update CTX325319 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service Vulnerability cisco-sa-npspin-QypwdhFD
• Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability cisco-sa-ipsla-ZA3SRrpP
• Cisco IOS XR Software Arbitrary File Read and Write Vulnerability cisco-sa-iosxr-scp-inject-QwZOCv2
• Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities cisco-sa-iosxr-privescal-dZYMrKf

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 92, Firefox ESR 78.14, and Thunderbird 78.14.

This product is provided subject to this Notification and this Privacy & Use policy.

Zoho has released a security update on a vulnerability (CVE-2021-40539) affecting ManageEngine ADSelfService Plus builds 6113 and below. CVE-2021-40539 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for Active Directory and cloud apps. Additionally, CISA strongly urges organizations ensure ADSelfService Plus is not directly accessible from the internet.

CISA encourages users and administrators to review the Zoho advisory for more information and to update to ADSelfService Plus build 6114.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released mitigations and workarounds to address a remote code execution vulnerability (CVE-2021-40444) in Microsoft Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. This vulnerability has been detected in exploits in the wild. 

CISA encourages users and administrators to review Microsoft’s advisory and to implement the mitigations and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.