CISA Releases Seven Industrial Control Systems Advisories

Original release date: November 29, 2022

CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Original release date: November 28, 2022

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.


CISA Releases Eight Industrial Control Systems Advisories

Original release date: November 22, 2022

CISA released eight (8) Industrial Control Systems (ICS) advisories on November 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

•    ICSA-22-326-01 AVEVA Edge
•    ICSA-22-326-02 Digital Alert Systems DASDEC
•    ICSA-22-326-03 Phoenix Contact Automation Worx
•    ICSA-22-326-04 GE Cimplicity
•    ICSA-22-326-05 Moxa Multiple ARM-Based Computers
•    ICSMA-21-152-01 Hillrom Medical Device Management (Update C)
•    ICSA-20-212-04 Mitsubishi Electric Factory Automation Engineering Products (Update I)
•    ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update G)
 


CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain 

Original release date: November 14, 2022 | Last revised: November 17, 2022

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Customers. This publication follows the August 2022 release of guidance for developers and the October 2022 release of guidance for suppliers.

The guidance released today, along with its accompanying fact sheet, provides recommended practices for software customers to ensure the integrity and security of software during the procuring and deployment phases.

The Securing Software Supply Chain Series is an output of the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA. This series complements other U.S. government efforts underway to help the software ecosystem secure the supply chain, such as the software bill of materials (SBOM) community.

CISA encourages all organizations that participate in the software supply chain to review the guidance. See CISA’s Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, ICT Supply Chain Resource Library, and National Risk Management Center (NRMC) webpages for additional guidance.


#StopRansomware: Hive

Original release date: November 17, 2022

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released joint Cybersecurity Advisory (CSA) #StopRansomware: Hive Ransomware to provide network defenders with tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Hive ransomware variants. FBI investigations identified these TTPs and IOCs as recently as November 2022.

Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including Government Facilities, Communications, Critical Manufacturing, Information Technology, and—especially—Healthcare and Public Health (HPH).

CISA encourages network defenders to review the CSA and to apply the included mitigations. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response. 


CISA Releases Two Industrial Control Systems Advisories

Original release date: November 17, 2022

CISA released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

•    ICSA-22-321-01 Red Lion Crimson
•    ICSA-22-321-02 Cradlepoint IBR600


Cisco Releases Security Updates for Identity Services Engine

Original release date: November 16, 2022

Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page.   

CISA encourages users and administrators to review the following advisories and apply the necessary updates:


Samba Releases Security Updates

Original release date: November 16, 2022

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and apply the necessary updates.


Mozilla Releases Security Updates for Multiple Products

Original release date: November 16, 2022

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks.

CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.5, Firefox ESR 102.5, and Firefox 107 for mitigations and updates.


CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Original release date: November 16, 2022

Today, CISA and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA), Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch (FCEB) organization in which Iranian government-sponsored APT actors exploited a Log4Shell vulnerability in an unpatched VMware Horizon server.

The CSA includes a malware analysis report (MAR), MAR-10387061-1-v1 XMRig Cryptocurrency Mining Software, on the mining software that the APT actors used against the compromised FCEB network. The CSA also provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from the incident response as well as recommended mitigations.

CISA and FBI strongly recommend organizations apply the recommended mitigations and defensive measures, which include:

  • Updating affected VMware Horizon and unified access gateway (UAG) systems to the latest version.
  • Minimizing your organization’s internet-facing attack surface.
  • Exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in the CSA.
  • Testing your organization’s existing security controls against the ATT&CK techniques described in the CSA. 

For additional information on malicious Iranian government-sponsored cyber activity, see CISA’s Iran Cyber Threat Overview and Advisories webpage and FBI’s Iran Threats webpage.
