Current security issues, vulnerabilities, and exploits

  • NSA Releases Guidance on Zero Trust Security Model
    on February 26, 2021

    Original release date: February 26, 2021

    The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred. CISA encourages administrators and organizations to review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services. This product is provided subject to this Notification and this Privacy & Use policy.



  • Cisco Releases Security Updates 
    on February 25, 2021

    Original release date: February 25, 2021

    Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

      • Cisco Application Services Engine Unauthorized Access Vulnerabilities cisco-sa-case-mvuln-dYrDPC6w
      • Cisco NX-OS Software Unauthenticated Arbitrary File Actions Vulnerability cisco-sa-3000-9000-fileaction-QtLzDRy2
      • Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability cisco-sa-mso-authbyp-bb5GmBQv

    For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

  • Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox
    on February 24, 2021

    Original release date: February 24, 2021

    Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.

  • VMware Releases Multiple Security Updates
    on February 24, 2021

    Original release date: February 24, 2021

    VMware has released security updates to address multiple vulnerabilities—CVE-2021-21972, CVE-2021-21973, CVE-2021-21974—in ESXi, vCenter Server, and Cloud Foundation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0002 and apply the necessary updates.

  • CISA Releases Joint Cybersecurity Advisory on Exploitation of Accellion File Transfer Appliance
    on February 24, 2021

    Original release date: February 24, 2021

    The cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States have released Joint Cybersecurity Advisory AA21-055A: Exploitation of Accellion File Transfer Appliance. Cyber actors worldwide have exploited vulnerabilities in Accellion File Transfer Appliance to attack multiple federal and state, local, tribal, and territorial government organizations, as well as private industry organizations in the medical, legal, telecommunications, finance, and energy fields. In some instances, the attacker extorted money from victim organizations to prevent public release of information exfiltrated from a compromised Accellion appliance. CISA encourages users and administrators to review AA21-055A: Exploitation of Accellion File Transfer Appliance and MAR-10325064-1.v1 – Accellion FTA for more information.

  • SonicWall Releases Additional Patches
    on February 23, 2021

    Original release date: February 23, 2021

    SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system. CISA encourages users and administrators to review the updated SonicWall alert and apply the necessary patches as soon as possible.

  • Cisco Releases Security Updates for AnyConnect Secure Mobility Client
    on February 18, 2021

    Original release date: February 18, 2021

    Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Security Advisory cisco-sa-anyconnect-dll-hijac-JrcTOQMC and apply the necessary updates.