Palo Alto Networks Releases Security Update for PAN-OS

08/05/2022 02:05 PM EDT

Original release date: August 5, 2022 | Last revised: August 10, 2022

Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of service.

CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds. 

 

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

Juniper Networks Releases Security Updates for Multiple Products

07/14/2022 12:30 PM EDT

Original release date: July 14, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

06/16/2022 12:00 PM EDT

Original release date: June 16, 2022

CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications.

TIC use cases provide guidance on the secure implementation and configuration of specific platforms, services, and environments, and are released on an individual basis. TIC 3.0 Cloud Use Case defines how network and multi-boundary security should be applied in cloud environments, focusing on cloud deployments for Infrastructure-as-a-Service, Platform-as-a-Service, Software-as-a-Service, and Email-as-a-Service. This is the last of the Initial Common Trusted Internet Connections Use Cases outlined in OMB Memorandum M-19-26.

CISA encourages federal government stakeholders to review Executive Assistant Director Goldstein’s blog post and TIC 3.0 Cloud Use Case and share it broadly within their networks. 

This product is provided subject to this Notification and this Privacy & Use policy.

Juniper Networks Releases Security Updates for Multiple Products

04/14/2022 12:00 PM EDT

Original release date: April 14, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Strengthening Cybersecurity of SATCOM Network Providers and Customers

03/17/2022 01:28 PM EDT

Original release date: March 17, 2022

CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments.

In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides mitigations and resources to strengthen SATCOM provider and customer cybersecurity.

CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations. CISA and FBI will update the joint CSA as new information becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.

Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign

02/28/2022 10:01 AM EST

Original release date: February 28, 2022

Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)—uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks. The Symantec Threat Hunter team, part of Broadcom Software, worked with CISA to engage with multiple governments targeted with Daxin malware and assisted in detection and remediation.

Daxin malware is a highly sophisticated rootkit backdoor with complex, stealthy command and control (C2) functionality that enabled remote actors to communicate with secured devices not connected directly to the internet. Daxin appears to be optimized for use against hardened targets, allowing the actors to deeply burrow into targeted networks and exfiltrate data without raising suspicions.  

CISA urges organizations to review Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks for more information and for a list of indicators of compromise that may aid in the detection of this activity.

Report incidents related to this activity to CISA and/or the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Releases Security Advisory for Airspan Networks Mimosa

02/03/2022 08:09 AM EST

Original release date: February 3, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA) that details vulnerabilities in the Airspan Networks Mimosa product line. An attacker could exploit these vulnerabilities to achieve remote code execution, create a denial-of-service condition, or obtain sensitive information.

CISA encourages users and administrators to review ICSA-22-034-02: Airspan Networks Mimosa for more information and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

01/28/2022 11:32 AM EST

Original release date: January 28, 2022

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

CVE Number CVE Title Required Action Due Date
CVE-2022-22587 Apple IOMobileFrameBuffer Memory Corruption Vulnerability 2/11/2022
CVE-2021-20038 SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability 2/11/2022
CVE-2014-7169 GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 7/28/2022
CVE-2014-6271 GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability 7/28/2022
CVE-2020-0787 Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability 7/28/2022
CVE-2014-1776 Microsoft Internet Explorer Use-After-Free Vulnerability 7/28/2022
CVE-2020-5722 Grandstream Networks UCM6200 Series SQL Injection Vulnerability 7/28/2022
CVE-2017-5689 Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability 7/28/2022

 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.

This product is provided subject to this Notification and this Privacy & Use policy.

Juniper Networks Releases Security Updates for Multiple Products

01/13/2022 11:17 AM EST

Original release date: January 13, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Palo Alto Networks Release Security Updates for PAN-OS

11/12/2021 09:15 AM EST

Original release date: November 12, 2021

Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS (8.1.16 and earlier). An unauthenticated attacker with network access could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Palo Alto Security Advisory for CVE-2021-3064 and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.