Current Security Issues, Vulnerabilities, and Exploits
Current CISA Security Alerts
- CISA, EPA, and FBI Release Top Cyber Actions for Securing Water Systems on February 21, 2024
Today, CISA, the Environmental Protection Agency (EPA), and the Federal Bureau of Investigation (FBI) released the joint fact sheet Top Cyber Actions for Securing Water Systems. This fact sheet outlines the following practical actions Water and Wastewater Systems (WWS) Sector entities can take to better protect water systems from malicious cyber activity and provides actionable guidance to implement concurrently:
  - Reduce Exposure to the Public-Facing Internet
  - Conduct Regular Cybersecurity Assessments
  - Change Default Passwords Immediately
  - Conduct an Inventory of Operational Technology/Information Technology Assets
  - Develop and Exercise Cybersecurity Incident Response and Recovery Plans
  - Backup OT/IT Systems
  - Reduce Exposure to Vulnerabilities
  - Conduct Cybersecurity Awareness Training
CISA, EPA, and FBI urge all WWS Sector and critical infrastructure organizations to review the fact sheet and implement the actions to improve resilience to cyber threat activity. Organizations can visit cisa.gov/water for additional sector tools, information, and resources.
- Mozilla Releases Security Updates for Firefox and Thunderbird on February 21, 2024
Mozilla released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:
  - MFSA 2024-05 for Firefox
  - MFSA 2024-06 for Firefox ESR
  - MFSA 2024-07 for Thunderbird
- CISA Releases Three Industrial Control Systems Advisories on February 20, 2024
CISA released three Industrial Control Systems (ICS) advisories on February 20, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
  - ICSA-24-051-01 Commend WS203VICM
  - ICSA-24-051-02 Ethercat Zeek Plugin
  - ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
- CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization on February 15, 2024
Today, CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization, to provide network defenders with the tactics, techniques, and procedures (TTPs) utilized by a threat actor and methods to protect against similar exploitation. Following an incident response assessment of a state government organization’s network environment, analysis confirmed compromise through network administrator credentials of a former employee. This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point. CISA and MS-ISAC encourage network defenders and organizations to review the TTPs and implement the mitigations provided in the joint CSA. For more information, visit CISA’s Cross-Sector Cybersecurity Performance Goals.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog on February 15, 2024
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
  - CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability
  - CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
- CISA Releases Seventeen Industrial Control Systems Advisories on February 15, 2024
CISA released seventeen Industrial Control Systems (ICS) advisories on February 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
  - ICSA-24-046-01 Siemens SCALANCE W1750D
  - ICSA-24-046-02 Siemens SIDIS Prime
  - ICSA-24-046-03 Siemens SIMATIC RTLS Gateways
  - ICSA-24-046-04 Siemens CP343-1 Devices
  - ICSA-24-046-05 Siemens Location Intelligence
  - ICSA-24-046-06 Siemens Unicam FX
  - ICSA-24-046-07 Siemens Tecnomatix Plant Simulation
  - ICSA-24-046-08 Siemens RUGGEDCOM APE1808
  - ICSA-24-046-09 Siemens SCALANCE SC-600 Family
  - ICSA-24-046-10 Siemens Simcenter Femap
  - ICSA-24-046-11 Siemens SCALANCE XCM-/XRM-300
  - ICSA-24-046-12 Siemens SIMATIC WinCC, OpenPCS
  - ICSA-24-046-13 Siemens Parasolid
  - ICSA-23-046-14 Siemens Polarion ALM
  - ICSA-24-046-15 Siemens SINEC NMS
  - ICSA-24-046-16 Rockwell Automation FactoryTalk Service Platform
  - ICSA-23-306-02 Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
- Adobe Releases Security Updates for Multiple Products on February 13, 2024
Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
  - Adobe Commerce and Magento
  - Adobe Substance 3D Painter
  - Adobe Acrobat and Reader
  - Adobe FrameMaker Publishing Server
  - Adobe Audition
  - Adobe Substance 3D Designer