Current Security Issues, Vulnerabilities, and Exploits
Current CISA Security Alerts
- NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actorson September 27, 2023
Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People's Republic of China-Linked Cyber Actors Hide in Router Firmware. The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise. BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets. CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.
- Mozilla Releases Security Advisories for Thunderbird and Firefoxon September 27, 2023
Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisories for Thunderbird 115.3, Firefox ESR 115.3 and Firefox 118 for more information and apply the necessary updates.
- CISA Releases Six Industrial Control Systems Advisorieson September 26, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software ICSA-23-269-04 Advantech EKI-1524-CE series ICSA-23-269-05 Baker Hughes Bently Nevada 3500 ICSA-23-024-02 SOCOMEC MODULYS GP (UPDATE A) CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
- CISA Adds Three Known Exploited Vulnerabilities to Catalogon September 25, 2023
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41991 Apple Multiple Products Improper Certificate Validation Vulnerability CVE-2023-41992 Apple Multiple Products Kernel Privilege Escalation Vulnerability CVE-2023-41993 Apple Multiple Products WebKit Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
- Apple Releases Security Updates for Multiple Productson September 22, 2023
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 17.0.1 and iPadOS 17.0.1 iOS 16.7 and iPadOS 16.7 watchOS 10.0.1 watchOS 9.6.3 Safari 16.6.1 macOS Ventura 13.6 macOS Monterey 12.7
- ISC Releases Security Advisories for BIND 9on September 21, 2023
The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review the following ISC advisories and apply necessary updates or workarounds: CVE-2023-4236: named may terminate unexpectedly under high DNS-over-TLS query load CVE-2023-3341: A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
- CISA Releases Six Industrial Control Systems Advisorieson September 21, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-264-01 Real Time Automation 460 Series ICSA-23-264-02 Siemens Spectrum Power 7 ICSA-23-264-03 Delta Electronics DIAScreen ICSA-23-264-04 Rockwell Automation Select Logix Communication Modules ICSA-23-264-05 Rockwell Automation Connected Components Workbench ICSA-23-264-06 Rockwell Automation FactoryTalk View Machine Edition CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.