- All
- Cybersecurity
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-28771 Zyxel Multiple Firewalls OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . This product is provided subject to this Notification and this Privacy & Use policy.CISAraw:1f454eb2acb90c4efe7a280575e90486 – 2023-05-31T21:56:06.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-28771 Zyxel Multiple Firewalls OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other ...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-28771 Zyxel Multiple Firewalls OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . This product is provided subject to this Notification and this Privacy & Use policy.CISAraw:ddb31194dfb744533ca878e167328a01 – 2023-05-31T15:36:16.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-28771 Zyxel Multiple Firewalls OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other ...
CISA released one Industrial Control Systems (ICS) advisory on May 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-150-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.CISAraw:371523216a544a231ef2c71c89a8dc30 – 2023-05-30T14:59:16.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA released one Industrial Control Systems (ICS) advisory on May 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-150-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.CISAraw:371523216a544a231ef2c71c89a8dc30CISATue, 30 May 23 ...
1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Insufficient Type Distinction 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data acquisition (SCADA) server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports this vulnerability affect the following WebAccess/SCADA product: WebAccess/SCADA: version 8.4.5 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT TYPE DISTINCTION CWE-351 If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the SCADA server. CVE-2023-2866 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H ). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy, Water and Wastewater Systems COUNTRIES/AREAS DEPLOYED: East Asia, Europe, United States COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Marlon Luis Petry reported this vulnerability to CISA. 4. MITIGATIONS Advantech recommends users locate and delete the “WADashboardSetup.msi” file to avoid this issue. If users wish to remedy this problem in version 8.4.5, they can uninstall “WebAccess Dashboard” from the control panel. Delete all the files: \Inetpub\wwwroot\broadweb\WADashboard \WebAccess\Node\WADashboardSetup.msi Advantech released a new version V9.1.4 to address the problem by not including these files. CISA recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics . Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies . Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies . Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.CISAraw:c4a2fbfa520b7a445d2f8825412405fe – 2023-05-30T14:59:15.000Z
| Cybersecurity | I.T. Security
Cybersecurity 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Insufficient Type Distinction 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker full control over the supervisory control and data acquisition (SCADA) server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Advantech reports ...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-2 868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . This product is provided subject to this Notification and this Privacy & Use policy.CISAraw:c10caedb098110c81742083ca1bb7557 – 2023-05-30T12:15:47.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-2 868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To ...
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-2 868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria . This product is provided subject to this Notification and this Privacy & Use policy.CISAraw:750720923d0bad309449ad3f150687d9 – 2023-05-26T17:30:31.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2023-2 868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To ...
CISA released one Industrial Control Systems (ICS) advisory on May 25, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-145-01 Moxa MXsecurity Series CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.CISAraw:749c5fdcaa51e1bbc4192b9637bc2f11 – 2023-05-25T15:25:10.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA released one Industrial Control Systems (ICS) advisory on May 25, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-145-01 Moxa MXsecurity Series CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.CISAraw:749c5fdcaa51e1bbc4192b9637bc2f11CISAThu, 25 May 23 ...
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXsecurity Series Vulnerabilities: Command Injection and Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized user to bypass authentication or to execute arbitrary commands on the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Moxa reports these vulnerabilities affect the following MXsecurity Series: MXsecurity Series: Software v1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 COMMAND INJECTION CWE-77 A remote attacker, who has gained authorization privileges, could execute arbitrary commands on the device. CVE-2023-33235 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ). 3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798 An attacker could bypass authentication for web-based application programmable interfaces (APIs). CVE-2023-33236 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple Sectors COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Simon Janz, working with Trend Micro Zero Day Initiative, reported these vulnerabilities to CISA. 4. MITIGATIONS Moxa has developed a solution to address these vulnerabilities. Users should upgrade to software v1.0.1 or higher . Users are encouraged to visit Moxa’s security advisory MPSA-230301 for more information. CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet . Locate control system networks and remote devices behind firewalls and isolate them from business networks. When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics . Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies . Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies . Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable remotely. These vulnerabilities have low attack complexity.CISAraw:66fa049b99d25d316ca59a4333911833 – 2023-05-25T15:18:29.000Z
| Cybersecurity | I.T. Security
Cybersecurity 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXsecurity Series Vulnerabilities: Command Injection and Use of Hard-Coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an unauthorized user to bypass authentication or to execute arbitrary commands on the device. 3. ...
CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as a trustworthy organization, notably as charities providing relief. Exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events. CISA encourages users to review the Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity , and CISA’s Using Caution with Email Attachments and Tips on Avoiding Social Engineering and Phishing Attacks to avoid falling victim to malicious attacks.CISAraw:2b86043637f9323f355ba5df60ae7264 – 2023-05-25T15:18:28.000Z
| Cybersecurity | I.T. Security
Cybersecurity CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to ...
Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor. This advisory highlights how PRC cyber actors use techniques called “living off the land” to evade detection by using built-in networking administration tools to compromise networks and conduct malicious activity. This enables the cyber actor to blend in with routine Windows system and network activities, limit activity and data captured in default logging configurations, and avoid endpoint detection and response (EDR) products that could alert to the introduction of third-party applications on the host or network. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide. The authoring agencies have identified potential indicators associated with these techniques. To hunt for this activity, CISA and partners encourage network defenders to use the actor’s commands and detection signatures provided in this advisory . CISA and partners further encourage network defenders to view the indicators of compromise (IOCs) and mitigations summaries to detect this activity.CISAraw:5dfb2cab96b92389a648a9a6840d48e4 – 2023-05-24T20:07:20.000Z
| Cybersecurity | I.T. Security
Cybersecurity Today, CISA joined the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China (PRC) state-sponsored cyber threat actor. This advisory highlights how PRC cyber actors use techniques called ...
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerabilities: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target product by sending specially crafted packets. The attacker needs to understand the internal structure of products to execute malicious code. Therefore, it is difficult to execute malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Mitsubishi Electric reports this vulnerability affects the following MELSEC Series CPU module: MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS: Serial number 17X**** or later, version 1.220 and later MELSEC iQ-F Series FX5UC-xMy/z x=32,64,96, y=T, z=D,DSS: Serial number 17X**** or later, version 1.220 and later MELSEC iQ-F Series FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS: version 1.220 and later 3.2 VULNERABILITY OVERVIEW 3.2.1 CLASSIC BUFFER OVERFLOW CWE-120 A vulnerability, due to copying buffers without checking size of input, exists in affected MELSEC Series CPU modules. Exploitation may allow a denial-of-service condition and malicious code execution. CVE-2023-1424 has been assigned to this vulnerability. A CVSS v3 base score of 10.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H ). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Japan 3.4 RESEARCHER Matt Wiseman of Cisco Talos reported this vulnerability to Mitsubishi Electric. 4. MITIGATIONS Mitsubishi Electric has created firmware version 1.290 to address this issue and encourages users to update. The following should be referred to when updating: “5 FIRMWARE UPDATE FUNCTION” in the MELSEC iQ-F FX5 User’s Manual (Application). Mitsubishi Electric recommends that users take the following mitigation measures to minimize the risk of exploiting this vulnerability: Use a firewall or virtual private network (VPN) etc., to prevent unauthorized access when internet access is required. Use the product within a local area network (LAN) and use firewalls to block access from untrusted networks and hosts. Use IP filter function to block access from untrusted hosts. For details regarding the IP filter function, users can refer to “12.1 IP Filter Function” in the MELSEC iQ-F FX5 User’s Manual (Ethernet Communication). Restrict physical access to the LAN that is connected by affected products. For specific update instructions and additional details see the Mitsubishi Electric advisory . CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage at cisa.gov/ics . Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies . Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies . Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. No known public exploits specifically target this vulnerability. This vulnerability is exploitable remotely. This vulnerability has low attack complexity.CISAraw:42ed69bc2f8ecaa5826d7d36cb00b5c8 – 2023-05-24T17:05:37.000Z
| Cybersecurity | I.T. Security
Cybersecurity 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerabilities: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or execute malicious code on a target ...
Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide , as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware. The #StopRansomware Guide serves as a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The authoring organizations recommend that entities review this joint guide to prepare and protect their facilities, personnel, and customers from the impacts of ransomware and data exfiltration. For more information and to access the latest resources about how to stop ransomware, please visit stopransomware.gov . This j oint guide was developed through the Joint Ransomware Task Force (JRTF), an interagency collaborative effort to reduce the prevalence and impact of ransomware attacks. JRTF was established by Congress in 2022 and is co-chaired by CISA and FBI. For additional information about the JRTF, please visit CISA’s newly launched Joint Ransomware Task Force (JRTF) webpage .CISAraw:505f3a6866fb2b8623014c616e3e3059 – 2023-05-23T17:26:00.000Z
| Cybersecurity | I.T. Security
Cybersecurity Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide , as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates ...