Apache Releases Security Advisory for Tomcat

Original release date: July 13, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

SolarWinds Releases Advisory for Serv-U Vulnerability

Original release date: July 13, 2021

SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.

CISA encourages users and administrators to review the SolarWinds advisory and install the necessary updates.

Adobe Releases Security Updates for Multiple Products

Original release date: July 13, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.

Mozilla Releases Security Updates for Firefox

Original release date: July 13, 2021

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 90 and Firefox ESR 78.12 and apply the necessary updates.

Kaseya Provides Security Updates for VSA On-Premises Software Vulnerabilities

Original release date: July 12, 2021

Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers.

CISA strongly urges Kaseya customers to closely follow the instructions detailed in the Kaseya security notice and to contact Kaseya should they require implementation assistance. Note: the Kaseya security notice includes Startup Runbooks and Hardening and Best Practice Guides for both VSA On-Premises and VSA SaaS.

Critical ForgeRock Access Management Vulnerability

Original release date: July 12, 2021

Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 and older unsupported versions.

CISA recommends Access Management users:

CISA Publishes Malware Analysis Report and Updates Alert on DarkSide Ransomware

Original release date: July 7, 2021 | Last revised: July 8, 2021

CISA has published a new Malware Analysis Report (MAR) on DarkSide Ransomware and updated Alert AA21-131A: DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks, originally released May 11, 2021. This update adds indicators of compromise associated with a DarkSide ransomware variant that executes a dynamic-link library used to delete Volume Shadow copies available on the system.

CISA encourages users and administrators to review the following resources for more information:

CISA Releases Analysis of FY20 Risk and Vulnerability Assessments

Original release date: July 8, 2021

CISA has released an analysis and infographic detailing the findings from the Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year (FY) 2020 across multiple sectors.

The analysis details a sample attack path a cyber threat actor could take to compromise an organization with weaknesses that are representative of those CISA observed in FY20 RVAs. The infographic provides a high-level snapshot of five potential attack paths and breaks out the most successful techniques for each tactic that the RVAs documented. Both the analysis and the infographic map threat actor behavior to the MITRE ATT&CK® framework.

CISA encourages network defenders to review the analysis and infographic and apply the recommended mitigations to protect against the observed tactics and techniques. For information on CISA RVAs and additional services, visit the CISA Cyber Resource Hub.

Cisco Releases Security Updates for Multiple Products

Original release date: July 8, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Microsoft Releases Out-of-Band Security Updates for PrintNightmare

Original release date: July 6, 2021

Microsoft has released out-of-band security updates to address a remote code execution (RCE) vulnerability—known as PrintNightmare (CVE-2021-34527)—in the Windows Print spooler service. According to the CERT Coordination Center (CERT/CC), “The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.”

The updates are cumulative and contain all previous fixes as well as protections for CVE-2021-1675. The updates do not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016—Microsoft states updates for these versions are forthcoming. Note: According to CERT/CC, “the Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant.” See CERT/CC Vulnerability Note VU #383432 for workarounds for the LPE variant.

CISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note VU #383432 and apply the necessary updates or workarounds. For additional background, see CISA’s initial Current Activity on PrintNightmare.