Original release date: August 27, 2021

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple mechanisms to compromise business networks, exfiltrate data and encrypt data on the networks, and attempt to collect a ransom in exchange for access to the decryption software.

CISA encourages users and administrators to review the technical details, IOCs, and TTPs in FBI Flash MC-000150-MW and apply the recommend mitigations.

Original release date: August 26, 2021

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

• Cisco Application Policy Infrastructure Controller Arbitrary File Read and Write Vulnerability cisco-sa-capic-frw-Nt3RYxR2
• BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021 cisco-sa-qnx-TOxjVPdL
• Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability cisco-sa-nxos-ngoam-dos-LTDb9Hv
• Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability cisco-sa-nxos-mpls-oam-dos-sGO9x5GM
• Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability cisco-sa-n9kaci-tcp-dos-YXukt6gM
• Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability cisco-sa-n9kaci-queue-wedge-cLDDEfKF
• Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability cisco-sa-capic-pesc-pkmGK4J
• Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability cisco-sa-capic-chvul-CKfGYBh8

 

Original release date: August 25, 2021

The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by the OnePercent Group, a cyber-criminal organization known since November 2020 for using Cobalt Strike in phishing attacks against U.S. companies.

CISA encourages users and administrators to review the technical details and IOCs in FBI Flash CU-000149-MW and apply the recommend mitigations.

Original release date: August 25, 2021

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1k and below. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

 

Original release date: August 21, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures.

• Staying Alert to Disaster-related Scams
• Before Giving to a Charity
• Staying Safe on Social Networking Sites
• Avoiding Social Engineering and Phishing Attacks
• Using Caution with Email Attachments

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov.