
Official Security Bulletins - 2021

Security Bulletins from CISA, US-CERT, MS-ISAC, and other official sources.

December

CISA: Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks 

PUBLISHED: Dec. 15, 2021 

In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies. 

CISA encourages leadership at all organizations—and critical infrastructure owners and operators in particular—to review the CISA Insights and adopt a heightened state of awareness. 

Source: 

  • CISA

 

CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228 

PUBLISHED: Dec. 13, 2021 

CISA and its partners, through the Joint Cyber Defense Collaborative, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as well as in operational technology products—to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system. 

In response, CISA has created a webpage, Apache Log4j Vulnerability Guidance, and will actively maintain a community-sourced GitHub repository of publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. CISA will continually update both the webpage and the GitHub repository. 

CISA urges organizations to review its Apache Log4j Vulnerability Guidance webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor-recommended mitigations immediately. CISA will continue to update the webpage as additional information becomes available. 

Source: 

  • CISA

September

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware  

PUBLISHED: Sept. 22, 2021 

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims. 

CISA, FBI, and NSA encourage network defenders to examine their current cybersecurity posture and apply the recommended mitigations in the joint CSA, which include:   

  • Updating your operating system and software,  

  • Requiring multi-factor authentication, and   

  • Implementing network segmentation. 

Additionally, review the U.S. government resource StopRansomware.gov for more guidance on ransomware protection, detection, and response. 

Source: 

  • US-CERT

August

FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends 

PUBLISHED: August 31, 2021 

Today, the Federal Bureau of Investigation (FBI) and CISA released a Joint Cybersecurity Advisory (CSA) to urge organizations to ensure they protect themselves against ransomware attacks during holidays and weekends—when offices are normally closed. 

Although FBI and CISA do not currently have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, malicious cyber actors have launched serious ransomware attacks during other holidays and weekends in 2021. The Joint CSA identifies both immediate and longer-term actions organizations can take to protect against the rise in ransomware, including: 

  • Making an offline backup of your data. 

  • Avoiding clicking on suspicious links. 

  • Securing and monitoring Remote Desktop Protocol endpoints. 

  • Updating OS and software. 

  • Using strong passwords. 

  • Using multi-factor authentication. 

CISA and the FBI encourage users to examine their current cybersecurity posture and implement the recommended mitigations in the Joint CSA to manage the risk posed by all cyber threats, including ransomware.

Source: US-CERT

 

CISA warns of hurricane-related scams 

PUBLISHED: Aug. 21, 2021 

CISA has warned users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events. 

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures. 

  • Staying Alert to Disaster-related Scams 

  • Before Giving to a Charity 

  • Staying Safe on Social Networking Sites 

  • Avoiding Social Engineering and Phishing Attacks 

  • Using Caution with Email Attachments 

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov. 

Source: 

  • CISA

February

Microsoft Warns of Windows Win32k Privilege Escalation 

PUBLISHED: Feb. 9, 2021 

Microsoft has released a security advisory to address an escalation of privileges vulnerability, CVE-2021-1732, in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. 

CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019 servers. 

Source: 

  • CISA

January

Apple pushes out emergency patches for iOS and iPad OS platforms 

PUBLISHED: Jan. 4, 2021 

Apple on Tuesday dropped emergency security patches for its flagship iOS and iPad OS platforms alongside a warning that hackers may already be exploiting three different security vulnerabilities. 

The patches - contained in iOS 14.4 and iPadOS 14.4 - are currently being pushed to mobile users via the automatic updating mechanism. 

Apple did not provide technical details of the vulnerabilities or the in-the-wild attacks, except to identify the flaws in the Kernel and in WebKit, the open-source web browser engine used in Safari, Mail, App Store and a range of macOS and iOS apps. 

Apple has promised additional information is forthcoming. 

Barebones details for the vulnerabilities, released by Apple, are listed below. 

CVE-2021-1782 (Kernel) -- Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Anonymously reported. 

CVE-2021-1871 and CVE-2021-1870 (WebKit) -- Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Reported by anonymous researchers. 

Sources: 

Apple Support, SecurityWeek.com

 

CISA releases new community cybersecurity resources 

PUBLISHED: Jan. 1, 2021 

The Cybersecurity and Infrastructure Security Agency (CISA) has released two new personal/community cybersecurity and cyber-hygiene resources. 

The Personal Security Considerations Fact Sheet encourages critical infrastructure owners and their personnel to remain vigilant and report suspicious behavior that individuals may exhibit in order to thwart an attack. It also contains several easily implementable security measures that can mitigate threats to personal safety. 

The Houses of Worship Security Self-Assessment Tool provides the faith-based community with an easy-to-use assessment tool that produces a formatted report with resources that can be used to identify and address your facility’s security concerns. 

Visit CISA’s page on Hometown Security for additional tools and resources to support community security and resilience. 
