Drupal Releases Security Update

Original release date: September 30, 2022

Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.

CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products

Original release date: September 30, 2022

Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the advisories and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Update for Thunderbird

Original release date: September 30, 2022

Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.3.1 and make the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Hurricane-Related Scams 

Original release date: September 30, 2022

CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. 

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures. 

Staying Alert to Disaster-related Scams 

Before Giving to a Charity 

Staying Safe on Social Networking Sites  

Avoiding Social Engineering and Phishing Attacks 

Using Caution with Email Attachments 

If you believe you have been a victim of cybercrime, file a complaint with Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov. 

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

Original release date: September 30, 2022

Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected. 

An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds Three Known Exploited Vulnerabilities to Catalog

Original release date: September 30, 2022

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.      

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.   

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.  

This product is provided subject to this Notification and this Privacy & Use policy.

VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere

Original release date: September 29, 2022

VMWare has released Protecting vSphere From Specialized Malware, addressing malware artifacts known as VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), which are used to exploit and gain persistent access to instances of ESXi.

CISA urges organizations employing VMWare ESXi to review the following for more information and to apply recommended mitigations and threat hunting guidance:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0

Original release date: September 29, 2022

CISA has published its Traffic Light Protocol 2.0 User Guide and Traffic Light Protocol: Moving to Version 2.0 fact sheet in preparation for its November 1, 2022 move from Traffic Light Protocol (TLP) Version 1.0 to TLP 2.0.

Managed by the Forum of Incident Response and Security Teams (FIRST), TLP is a system of markings that communicates information sharing permissions. According to FIRST, the purpose of TLP is “to facilitate greater sharing of potentially sensitive information and more effective collaboration.” Note: Unlike formal classification systems, TLP is not legally binding.

TLP Version 2.0 brings the following key updates:

  • TLP:CLEAR replaces TLP:WHITE for publicly releasable information.
  • TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information may be shared with the recipient’s organization only.

Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.

As CISA prepares to implement this update, we want to inform partners of the upcoming change and encourage all network defenders to adopt TLP Version 2.0 to facilitate greater information sharing and collaboration.

For more information on TLP, visit FIRST’s TLP webpage at www.first.org/tlp/. On November 1, 2022, CISA will update www.cisa.gov/tlp to reflect the TLP Version 2.0 changes.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Six Industrial Control Systems Advisories

Original release date: September 28, 2022 | Last revised: September 29, 2022

CISA has released six (6) Industrial Control Systems (ICS) advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. 

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite

Original release date: September 27, 2022

CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) has updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional Malware Analysis Reports and indicators of compromise.

CISA encourages organizations to review the latest update to AA22-228A and apply the recommended mitigations.
 

This product is provided subject to this Notification and this Privacy & Use policy.