Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134

06/02/2022 07:00 PM EDT

Original release date: June 2, 2022

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities

06/02/2022 11:44 AM EDT

Original release date: June 2, 2022

CISA has updated Cybersecurity Advisory AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, originally released May 18, 2022. The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures reported by trusted third parties.

CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks. 

CISA Releases Security Advisory on Illumina Local Run Manager

06/02/2022 01:43 PM EDT

Original release date: June 2, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA) detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level. These vulnerabilities could impact settings, configurations, software, or data on the affected product and interact through the affected product with the connected network.

CISA encourages users and technicians to review ICS Advisory ICSA-22-153-02: Illumina Local Run Manager for technical details and mitigations and the Food and Drug Administration advisory statement for additional information. 

ISC Releases Security Advisory for BIND

05/19/2022 11:00 AM EDT

Original release date: May 19, 2022

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the ISC advisory for CVE-2022-1183 and apply the necessary update.

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

05/18/2022 12:43 PM EDT

Original release date: May 18, 2022

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager.

The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to active exploitation of CVE-2022-22954 and CVE-2022-22960.  Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 and CVE-2022-22973, which were disclosed by VMware on May 18, 2022. 

ED 22-03 directs all Federal Civilian Executive Branch agencies to enumerate all instances of affected VMware products and either deploy updates provided in VMware Security Advisory VMSA-2022-0014, released May 18, 2022, or remove those instances from agency networks.

CISA strongly encourages all organizations to deploy updates provided in VMware Security Advisory VMSA-2022-0014 or remove those instances from networks. CISA also encourages organizations with affected VMware products that are accessible from the internet to assume compromise and initiate threat hunting activities using the detection methods provided in the CSA. If potential compromise is detected, administrators should apply the incident response recommendations included in the CSA.

Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

05/18/2022 09:00 AM EDT

Original release date: May 18, 2022

CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port or self-IP addresses.

CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds.  

Microsoft Releases Security Advisory for Azure Data Factory and Azure Synapse Pipelines

05/10/2022 07:00 AM EDT

Original release date: May 10, 2022

Microsoft has released a security advisory to address a remote code execution vulnerability affecting Azure Data Factory and Azure Synapse Pipelines. A remote attacker could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review Microsoft Advisory ADV220001 for more information and to apply the necessary updates. 

CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

04/28/2022 10:00 AM EDT

Original release date: April 28, 2022

CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity. 

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

03/08/2022 09:18 AM EST

Original release date: March 8, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA), detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change configuration, file system read access, log information access, or a denial-of-service condition.

CISA encourages users and administrators to review ICS Advisory ICSA-22-067-01 PTC Axeda Agent and Axeda Desktop Server for technical details and mitigations and the Food and Drug Administration statement for additional information.

NCSC-NZ Releases Advisory on Cyber Threats Related to Russia-Ukraine Tensions

02/18/2022 12:49 PM EST

Original release date: February 18, 2022

The New Zealand National Cyber Security Centre (NCSC-NZ) has released a General Security Advisory (GSA) on preparing for cyber threats relating to tensions between Russia and Ukraine. The advisory recommends organizations review their security posture and monitor for cyber incidents and provides additional resources to help protect against potential threats.

CISA encourages all users to review GSA: Understanding and Preparing for Cyber Threats Relating to Tensions Between Russia and Ukraine and consider the recommendations.
