FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends

Original release date: August 31, 2021

Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed.

Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021. The Joint CSA identifies both immediate and longer term actions organizations can take to protect against the rise in ransomware, including:

CISA and the FBI encourage users to examine their current cybersecurity posture and implement the recommended mitigations in the Joint CSA to manage the risk posed by all cyber threats, including ransomware.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds Single-Factor Authentication to list of Bad Practices

Original release date: August 30, 2021

Today, CISA added the use of single-factor authentication for remote or administrative access systems to our Bad Practices list of exceptionally risky cybersecurity practices. Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system.

Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions.  

CISA encourages all organizations to review the Bad Practices webpage and to engage in the necessary actions and critical conversations to address Bad Practices. For guidance on setting up strong authentication, see the CISA Capacity Enhancement Guide: Implementing Strong Authentication.


Microsoft Azure Cosmos DB Guidance

Original release date: August 27, 2021

CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. Although the misconfiguration appears to have been fixed within the Azure cloud, CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate keys and to review Microsoft’s guidance on how to Secure access to data in Azure Cosmos DB.


FBI Releases Indicators of Compromise Associated with Hive Ransomware

Original release date: August 27, 2021

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple mechanisms to compromise business networks, exfiltrate data and encrypt data on the networks, and attempt to collect a ransom in exchange for access to the decryption software.

CISA encourages users and administrators to review the technical details, IOCs, and TTPs in FBI Flash MC-000150-MW and apply the recommended mitigations.


ICSJWG 2021 Fall Virtual Meeting

Original release date: August 27, 2021

The Industrial Control Systems Joint Working Group (ICSJWG) will hold the virtual 2021 ICSJWG Fall Meeting, September 21-22, 2021. ICSJWG meetings facilitate relationship building among critical infrastructure stakeholders and owners/operators of industrial control systems, idea exchange regarding critical issues affecting industrial control systems (ICS) cybersecurity, and information sharing to reduce the risk to the nation’s industrial control systems.

The ICSJWG bi-annual meeting will feature two full days of presentations, a Table-Top Exercise introductory session, technical workshop activities, and a CISA ICS Training overview. Register no later than September 17, 2021 to attend. Visit the ICSJWG website or the ICSJWG 2021 Fall Virtual Meeting website for more information.


Cisco Releases Security Updates for Multiple Products

Original release date: August 26, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

 


VMware Releases Security Updates for Multiple Products 

Original release date: August 25, 2021

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0018 and apply the necessary updates or workarounds.


FBI Releases Indicators of Compromise Associated with OnePercent Group Ransomware

Original release date: August 25, 2021

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by the OnePercent Group, a cyber-criminal organization known since November 2020 for using Cobalt Strike in phishing attacks against U.S. companies.

CISA encourages users and administrators to review the technical details and IOCs in FBI Flash CU-000149-MW and apply the recommended mitigations.


F5 Releases August 2021 Security Advisory

Original release date: August 25, 2021

F5 has released a security advisory on vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ for August 2021.

CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.


OpenSSL Releases Security Update 

Original release date: August 25, 2021

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1k and below. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

 
