US-Cert Current Activity

Fortinet released a security update to address a vulnerability in FortiManager. A remote cyber threat actor could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the following Fortinet Security Bulletin and apply the necessary updates:

• FG-IR-24-425

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-12356 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-354-01 Hitachi Energy RTU500 series CMU
• ICSA-24-354-02 Hitachi Energy SDM600
• ICSA-24-354-03 Delta Electronics DTM Soft
• ICSA-24-354-04 Siemens User Management Component
• ICSA-24-354-05 Tibbo AggreGate Network Manager
• ICSA-24-354-06 Schneider Electric Accutech Manager
• ICSA-24-354-07 Schneider Electric Modicon Controllers
   
• ICSMA-24-354-01 Ossur Mobile Logic Application

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, CISA released Mobile Communications Best Practice Guidance. The guidance was crafted in response to identified cyber espionage activity by People’s Republic of China (PRC) government-affiliated threat actors targeting commercial telecommunications infrastructure, specifically addressing “highly targeted” individuals who are in senior government or senior political positions and likely to possess information of interest to these threat actors.

Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation.

CISA strongly urges highly targeted individuals to immediately review and apply the best practices provided in the guidance to protect mobile communications, including consistent use of end-to-end encryption.

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability
• CVE-2022-23227 NUUO NVRmini 2 Devices Missing Authentication Vulnerability
• CVE-2019-11001 Reolink Multiple IP Cameras OS Command Injection Vulnerability
• CVE-2021-40407 Reolink RLC-410W IP Camera OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business Applications (SCuBA) secure configuration baselines. 

Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services. As part of CISA and the broad U.S. government's effort to move the federal civilian enterprise to a more defensible posture, this Directive will further reduce the attack surface of the federal government networks.

The new Directive can be found at Binding Operational Directive (BOD) 25-01. To learn more about CISA Directives, visit Cybersecurity Directives webpage.

CISA released five Industrial Control Systems (ICS) advisories on December 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-352-01 ThreatQuotient ThreatQ Platform
• ICSA-24-352-02 Hitachi Energy TropOS Devices Series 1400/2400/6400
• ICSA-24-352-03 Rockwell Automation PowerMonitor 1000 Remote
• ICSA-24-352-04 Schneider Electric Modicon
• ICSMA-24-352-01 BD Diagnostic Solutions Products

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Today, CISA and the Office of the National Cyber Director (ONCD) published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber resilience into their grant-funded infrastructure projects. 

This guide is for federal grant program managers, critical infrastructure owners and operators, and organizations such as state, local, tribal, and territorial governments who subaward grant program funds, and grant program recipients. The guide includes:

• Recommended actions to incorporate cybersecurity into grant programs throughout the grant management lifecycle.
• Model language for grant program managers and sub-awarding organizations to incorporate into Notices of Funding Opportunity (NOFOs) and Terms & Conditions. 
• Templates for recipients to leverage when developing a Cyber Risk Assessment and Project Cybersecurity Plan.
• Comprehensive list of cybersecurity resources available to support grant recipient project execution.

CISA encourages organizations to review and apply recommended actions to secure the nation’s critical infrastructure and enhance resilience.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-55956 Cleo Multiple Products Unauthenticated File Upload Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-20767 Adobe ColdFusion Improper Access Control Vulnerability
• CVE-2024-35250 Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on the National Cyber Incident Response Plan (NCIRP)—public comment period begins today and concludes on January 15, 2025. 

Since initial publication in 2016, CISA conducted broad and extensive engagement and information exchanges with public and private sector partners, interagency partners, federal Sector Risk Management Agencies (SRMAs), and regulators to build upon the successes of the inaugural NCIRP. The draft NCIRP update describes a national approach to coordinating significant cyber incident detection and response. 

The draft update considers the evolution in the cyber threat landscape and lessons learned from historical incidents. The text also addresses the vital role that the private sector, state and local governments (including tribal and territorial), and federal agencies hold in responding to cyber incidents.

CISA is seeking more perspectives to help strengthen the NCIRP and invites stakeholders from across the public and private sectors to share their knowledge and experiences, further informing our findings and contributing to this revision. Public comments may be posted via the Federal Register.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

•  CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA and the Environmental Protection Agency (EPA) released Internet-Exposed HMIs Pose Cybersecurity Risks to Water and Wastewater Systems. This joint fact sheet provides Water and Wastewater Systems (WWS) facilities with recommendations for limiting the exposure of Human Machine Interfaces (HMIs) and securing them against malicious cyber activity.

HMIs enable operational technology owners and operators to read supervisory control and data acquisition systems connected to programmable logic controllers. Threat actors can exploit exposed HMIs at WWS Sector utilities without cybersecurity controls, resulting in operational impacts and forcing victims to revert to manual operations (see Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity).

EPA and CISA strongly encourage WWS Sector organizations review and implement the mitigations in this fact sheet to harden remote access to HMIs. Visit our Water and Wastewater Systems page for additional resources to help protect the WWS Sector.

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following advisories and apply necessary updates:

• iOS 18.2 and iPadOS 18.2
• iPadOS 17.7.3
• macOS Sequoia 15.2
• macOS Sonoma 14.7.2
• macOS Ventura 13.7.2
• watchOS 11.2
• tvOS 18.2
• visionOS 2.2

CISA released ten Industrial Control Systems (ICS) advisories on December 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-347-01 Siemens CPCI85 Central Processing/Communication
• ICSA-24-347-02 Siemens Engineering Platforms
• ICSA-24-347-03 Siemens RUGGEDCOM ROX II
• ICSA-24-347-04 Siemens Parasolid
• ICSA-24-347-05 Siemens Engineering Platforms
• ICSA-24-347-06 Siemens Simcenter Femap
• ICSA-24-347-07 Siemens Solid Edge SE2024
• ICSA-24-347-08 Siemens COMOS
• ICSA-24-347-09 Siemens Teamcenter Visualization
• ICSA-24-347-10 Siemens SENTRON Powercenter 1000

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK.

CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:

• Ivanti Cloud Service Application
• Ivanti Desktop and Server Management (DSM)
• Ivanti Connect Secure and Policy Secure
• Ivanti Sentry
• Ivanti Patch SDK (This also affects Ivanti Endpoint Manager (EPM), Ivanti Security Controls, Ivanti Neurons Agent, Ivanti Neurons for Patch Management, and Ivanti Patch for Configuration Manager.)

Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following and apply necessary updates:

• Microsoft Security Update Guide for December

Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.     

 CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates:   

• Adobe Product Security Updates for December

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released seven Industrial Control Systems (ICS) advisories on December 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-345-01 MOBATIME Network Master Clock
• ICSA-24-345-02 Schneider Electric EcoStruxure Foxboro DCS Core Control Services
• ICSA-24-345-03 Schneider Electric FoxRTU Station
• ICSA-24-345-04 National Instruments LabVIEW
• ICSA-24-345-05 Horner Automation Cscape
• ICSA-24-345-06 Rockwell Automation Arena
• ICSA-24-338-01 Ruijie Reyee OS (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.