Drupal Releases Security Updates

Original release date: April 22, 2021

Drupal has released security updates to address a vulnerability affecting Drupal 7, 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-002 and apply the necessary updates or mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Incident Response to SUPERNOVA Malware

Original release date: April 22, 2021

CISA has released AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response to provide analysis of a compromise in an organization’s enterprise network by an advanced persistent threat actor. This report provides tactics, techniques, and procedures CISA observed during the incident response engagement.

CISA encourages organizations to review AR21-112A for more information.


Google Releases Security Updates for Chrome

Original release date: April 21, 2021

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.


SonicWall Releases Patches for Email Security Products

Original release date: April 21, 2021

CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, “In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’”

CISA encourages users and administrators to review the SonicWall security advisory and apply the necessary update as soon as possible. Note: SonicWall released patches for CVE-2021-20021 and CVE-2021-20022 on April 9, 2021, and for CVE-2021-20023 on April 20, 2021.


CISA Issues Emergency Directive on Pulse Connect Secure

Original release date: April 20, 2021

CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable PCS device. These vulnerabilities are being exploited in the wild. 

Specifically, ED 21-03 directs federal departments and agencies to run the Pulse Connect Secure Integrity Tool on all instances of PCS virtual and hardware appliances to determine whether any PCS files have been maliciously modified or added.  

Although ED 21-03 applies to Federal Civilian Executive Branch departments and agencies, CISA strongly recommends that state and local governments, the private sector, and others run the Pulse Connect Secure Integrity Tool and review ED 21-03: Mitigate Pulse Connect Secure Product Vulnerabilities for additional mitigation recommendations.


CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

Original release date: April 20, 2021

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.

In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities to offer technical details regarding this activity. Ivanti has provided a mitigation and is developing a patch.

CISA strongly encourages organizations using Ivanti Pulse Connect Secure appliances to follow the guidance in Alert AA21-110A, which includes:

For additional information regarding this ongoing exploitation, see the FireEye blog post: Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day.


Oracle Releases April 2021 Critical Patch Update

Original release date: April 20, 2021

Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle April 2021 Critical Patch Update and apply the necessary updates.


VMware Releases Security Update

Original release date: April 20, 2021

VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.


Mozilla Releases Security Update for Firefox, Firefox ESR, and Thunderbird

Original release date: April 20, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 88, Firefox ESR 78.10, and Thunderbird 78.10, and apply the necessary updates.


WordPress Releases Security and Maintenance Update

Original release date: April 16, 2021

WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected website. 

CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1.
