ISC Releases Security Advisories for Multiple Versions of BIND 9

09/22/2022 10:30 AM EDT

Original release date: September 22, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories addressing lower severity vulnerabilities, see the BIND 9 Security Vulnerability Matrix.

CISA encourages users and administrators to review the following ISC advisories: CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, and CVE-2022-38178, and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

06/16/2022 12:00 PM EDT

Original release date: June 16, 2022

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments, focusing on cloud deployments for Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and Email-as-a-Service. This is the last of the Initial Common Trusted Internet Connections Use Cases outlined in OMB Memorandum M-19-26.

CISA encourages federal government stakeholders to review Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case and share it broadly within their networks. 

ISC Releases Security Advisory for BIND

05/19/2022 11:00 AM EDT

Original release date: May 19, 2022

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the ISC advisory for CVE-2022-1183 and apply the necessary update.

Mitigating Attacks Against Uninterruptable Power Supply Devices

03/29/2022 10:45 AM EDT

Original release date: March 29, 2022

CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet.

Organizations can mitigate attacks against UPS devices by immediately removing management interfaces from the internet. Review CISA and DOE’s guidance on mitigating attacks against UPS devices for additional mitigations and information.

ISC Releases Security Advisories for BIND

03/17/2022 01:30 PM EDT

Original release date: March 17, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds.

CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0

01/20/2022 09:51 AM EST

Original release date: January 20, 2022

CISA has released the final version of Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public comment period that ended in October 2021. See the fact sheet Response to Comments on Guidance: IPv6 Considerations for TIC 3.0 for a comprehensive analysis of comments received. This release is in accordance with Office of Management and Budget (OMB) Memorandum 21-07, which entrusts CISA with enhancing the TIC program to support IPv6 implementation in federal IT systems.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review the Internet Protocol version 6 (IPv6) Considerations for Trusted Internet Connections (TIC) 3.0 for guidance in facilitating IPv6 implementation in federal IT systems.

ISC Releases Security Advisory for BIND

10/28/2021 12:05 PM EDT

Original release date: October 28, 2021

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the ISC advisory for CVE-2021-25219 and apply the necessary updates or workaround.

CISA Releases Guidance: IPv6 Considerations for TIC 3.0

09/23/2021 09:45 AM EDT

Original release date: September 23, 2021

The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum specifically entrusts CISA with enhancing the Trusted Internet Connections (TIC) program to fully support the implementation of IPv6 in federal IT systems. 

In accordance with this OMB mandate, CISA has issued IPv6 Considerations for TIC 3.0 to provide federal agencies with guidance to help them use IPv6 to secure their networks by:

  • Providing IPv6 protocol information to enable a general understanding,
  • Informing agencies of their responsibilities concerning OMB M-21-07,
  • Aligning TIC 3.0 security objectives and security capabilities with IPv6, and
  • Offering awareness and guidance regarding IPv6 security considerations.

CISA encourages IT decision-makers and administrators in all federal government agencies and organizations to review IPv6 Considerations for TIC 3.0 to facilitate advancing IPv6 networks and ensuring future growth and innovation in internet services and technology.
