Original release date: February 18, 2022

CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. Before turning to the free offerings, CISA strongly recommends organizations take certain foundational measures to implement a strong cybersecurity program:

• Fix known security flaws in software.
• Implement multifactor authentication.
• Take steps to halt bad practices, including the use of end-of-life software products and systems that rely on known/default/unchangeable passwords.
• Sign up for CISA’s Cyber Hygiene Vulnerability Scanning service.
• Reduce your attack surface by getting your “Stuff Off Search (S.O.S.).”

CISA encourages network defenders to take the measures above and consult the list of free cybersecurity services and tools to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience.

Original release date: February 17, 2022

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.

• SA-CORE-2022-003
• SA-CORE-2022-004

Original release date: February 16, 2022

Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 91.6.1 and make the necessary update.

Original release date: February 16, 2022

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) highlighting regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. These CDCs support contracts for the U.S. Department of Defense and Intelligence Community. The CSA provides incident response and remediation recommendations as well as mitigations to reduce the risk of compromise.

CISA encourages all critical infrastructure organizations to review the joint CSA: Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology and apply the necessary mitigations. For more information on Russian state-sponsored malicious cyber activity see CISA’s Russia Cyber Threat Overview and Advisories page.

Original release date: February 15, 2022

The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware. BlackByte is a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers.

CISA encourages organizations to review the joint FBI-USSS CSA and apply the recommended mitigations.