CISA Releases Five Pulse Secure-Related MARs

Original release date: August 24, 2021

As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following five malware analysis reports (MARs) for threat actor tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), and review CISA’s Alert, Exploitation of Pulse Connect Secure Vulnerabilities, for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Hurricane-Related Scams

Original release date: August 21, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures.

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov.

Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities

Original release date: August 21, 2021

Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.
 

     

ISC Releases Security Advisory for BIND

Original release date: August 19, 2021

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the necessary updates or workarounds.

Cisco Releases Security Updates for Multiple Products

Original release date: August 19, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches

Original release date: August 18, 2021

CISA has released the fact sheet Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches to address the increase in malicious cyber actors using ransomware to exfiltrate data and then threatening to sell or leak the exfiltrated data if the victim does not pay the ransom. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust.

The fact sheet provides information for organizations to use in preventing and responding to ransomware-caused data breaches. CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations listed in this fact sheet to reduce their risk to ransomware and protect sensitive and personal information. Review StopRansomware.gov for additional ransomware resources.

Mozilla Releases Security Updates

Original release date: August 18, 2021

Mozilla has released security updates to address vulnerabilities in Firefox 91.0.1 and Thunderbird 91.0.1. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla Security Advisory 2021-37 and apply the necessary updates.

Adobe Releases Multiple Security Updates

Original release date: August 18, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Google Releases Security Updates for Chrome

Original release date: August 18, 2021

Google has released Chrome version 92.0.4515.159 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

CISA Releases Security Advisory for ThroughTek Kalay P2P SDK

Original release date: August 17, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing a vulnerability affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK). A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the ICS Advisory: ICSA-21-229-01 ThroughTek Kalay P2P SDK and the FireEye Mandiant blog: Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices for more information and to apply the necessary update and mitigations.
