Original release date: October 5, 2021

CISA and the National Cybersecurity Alliance (NCSA) remind users to continue to “Do Your Part. #BeCyberSmart.” during October—2021’s Cybersecurity Awareness Month!
 
In 2021, CISA and NCSA will focus on different outreach themes each week to include:  

• Be Cyber Smart
• Phight the Phish!
• Explore. Experience. Share. – Cybersecurity Career Awareness Week
• Cybersecurity First

 As part of the STOP.THINK.CONNECT.™ national public awareness campaign, CISA is also sharing Cybersecurity Awareness Month Resources to reduce cybersecurity risks and protect you online. CISA reminds users that cybersecurity is a proactive responsibility, and individuals and organizations should implement strong security practices to stay safer and more secure online.
 
Visit CISA’s Cybersecurity Awareness Month webpage for more guidance and resources.

Original release date: September 28, 2021

The National Security Agency (NSA) and CISA have released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.

Exploitation of these devices can enable:

• Credential harvesting
• Remote code execution on the VPN device
• Cryptographic weakening of encrypted traffic sessions
• Hijacking of encrypted traffic sessions
• Arbitrary reads of sensitive data (e.g., configurations, credentials, keys) from the device

The information sheet helps organizations select standards-based (rather than proprietary) VPN solutions and provides hardening guidance to prevent compromise and respond to attacks.

CISA encourages organizations to review and adopt recommendations in the information sheet to reduce risk.

Original release date: September 24, 2021

On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. Security researchers are also reporting mass scanning for vulnerable vCenter Servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability.

To mitigate CVE-2021-22005, CISA strongly urges critical infrastructure entities and other organizations with affected vCenter Server versions to take the following actions.

• Upgrade to a fixed version as quickly as possible. See VMware Security Advisory VMSA-2021-0020 for patching information.
• Apply the temporary workaround provided by VMware, if unable to upgrade to a fixed version immediately. See VMware’s workaround instructions for CVE-2021-22005, supplemental blog post, and frequently asked questions for additional information.

Original release date: September 23, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.