CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Original release date: October 14, 2022

CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making.

For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Twenty-Five Industrial Control Systems Advisories

Original release date: October 13, 2022

CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

•    ICSA-22-286-01 Siemens LOGO!
•    ICSA-22-286-02 Siemens Industrial Edge Management
•    ICSA-22-286-03 Siemens Solid Edge
•    ICSA-22-286-04 Siemens SIMATIC S7-1200 and S7-1500 CPU Families
•    ICSA-22-286-05 Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service
•    ICSA-22-286-06 Siemens Desigo PXM Devices Webserver
•    ICSA-22-286-07 Siemens Nucleus RTOS FTP Server
•    ICSA-22-286-08 Siemens TCP Event Service of SCALANCE and RUGGEDCOM Devices
•    ICSA-22-286-09 Siemens SICAM P850 and P855 Devices
•    ICSA-22-286-10 Siemens JT Open Toolkit and Simcenter Femap
•    ICSA-22-286-11 Siemens SCALANCE and RUGGEDCOM Products
•    ICSA-22-286-12 Siemens APOGEE, TALON and Desigo PXC/PXM Products
•    ICSA-22-286-13 Siemens LOGO! 8 BM Devices
•    ICSA-22-286-14 Siemens SIMATIC HMI Panels
•    ICSA-22-286-15 Siemens SCALANCE X-200 and X-200IRT Families
•    ICSA-22-286-16 Siemens Desigo CC and Cerberus DMS
•    ICSA-21-250-01 Mitsubishi Electric MELSEC iQ-R Series (Update A)
•    ICSA-21-287-03 Mitsubishi Electric MELSEC iQ-R Series (Update A)
•    ICSA-22-104-06 Siemens PROFINET Stack Integrated on Interniche Stack (Update D)
•    ICSA-22-069-03 Siemens SINEC NMS (Update A)
•    ICSA-21-287-07 Siemens SCALANCE (Update A)
•    ICSA-21-315-06 Siemens SCALANCE W1750D (Update A)
•    ICSA-22-167-06 Siemens Apache HTTP Server (Update A)
•    ICSA-22-167-14 Siemens OpenSSL Affected Industrial Products (Update D)
•    ICSA-22-132-08 Siemens Industrial Products with OPC UA (Update C)
 

Adobe Releases Security Updates for Multiple Products

Original release date: October 11, 2022 | Last revised: October 12, 2022

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates.
•    Adobe ColdFusion APSB22-44
•    Adobe Acrobat and Reader APSB22-46
•    Adobe Commerce and Magento Open Source APSB22-48
•    Adobe Dimension APSB22-57

Microsoft Releases October 2022 Security Updates

Original release date: October 11, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.
 

CISA Has Added One Known Exploited Vulnerability to Catalog

Original release date: October 11, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.   

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria. 

CISA Releases Three Industrial Control Systems Advisories

Original release date: October 7, 2022 | Last revised: October 11, 2022

CISA has released three Industrial Control Systems (ICS) advisories on October 11, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:  

FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections

Original release date: October 7, 2022

The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that:

  • Describes methods that foreign actors use to spread and amplify false information—including reports of alleged malicious cyber activity—in attempts to undermine trust in election infrastructure.
  • Confirms “the FBI and CISA have no information suggesting any cyber activity against U.S. election infrastructure has impacted the accuracy of voter registration information, prevented a registered voter from casting a ballot, or compromised the integrity of any ballots cast.”

The PSA also describes the extensive safeguards in place to protect election infrastructure and includes recommendations to assist the public in understanding how to find trustworthy sources of election-related information.

Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors   

Original release date: October 6, 2022

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. PRC state-sponsored cyber actors continue to exploit known vulnerabilities to actively target U.S. and allied networks, including software and hardware companies, to illegally obtain intellectual property and develop access into sensitive networks.

CISA, the FBI, and the NSA urge U.S. and allied governments, critical infrastructure, and private sector organizations to apply the recommendations listed in the Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors to increase their defensive posture and reduce the threat of compromise from PRC state-sponsored malicious cyber actors.

For more information on PRC state-sponsored malicious cyber activity, see CISA’s China Cyber Threat Overview and Advisories webpage, the FBI’s Industry Alerts, and the NSA’s Cybersecurity Advisories & Guidance.

CISA Releases Two Industrial Control Systems Advisories

Original release date: October 6, 2022

CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

Cisco Releases Security Updates for Multiple Products

Original release date: October 6, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. 

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

•    Cisco Enterprise NFV Infrastructure Software Improper Signature Verification Vulnerability cisco-sa-NFVIS-ISV-BQrvEv2h 
•    Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities cisco-sa-expressway-csrf-sqpsSfY6
