VMware Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere on 29/09/2022 at 9:13 pm

Original release date: September 29, 2022

VMware has released Protecting vSphere From Specialized Malware, addressing malware artifacts known as VirtualPITA (ESXi & Linux), VirtualPIE (ESXi), and VirtualGATE (Windows), which are used to exploit and gain persistent access to instances of ESXi.

CISA urges organizations employing VMware ESXi to review the following for more information and to apply recommended mitigations and threat hunting guidance:

VMware: Protecting vSphere From Specialized Malware
VMware: Knowledge Base 89619 – Mitigation and Threat Hunting Guidance for Unsigned vSphere Installation Bundles (VIBs) in ESXi (including a script to audit ESXi hosts)
VMware: vSphere Security Configuration Guides (baseline hardening guidance for VMware vSphere)
This product is provided subject to this Notification and this Privacy & Use policy.

CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0 on 29/09/2022 at 4:15 pm

Original release date: September 29, 2022

CISA has published its Traffic Light Protocol 2.0 User Guide and Traffic Light Protocol: Moving to Version 2.0 fact sheet in preparation for its November 1, 2022 move from Traffic Light Protocol (TLP) Version 1.0 to TLP 2.0.

Managed by the Forum of Incident Response and Security Teams (FIRST), TLP is a system of markings that communicates information sharing permissions. According to FIRST, the purpose of TLP is “to facilitate greater sharing of potentially sensitive information and more effective collaboration.” Note: Unlike formal classification systems, TLP is not legally binding.

TLP Version 2.0 brings the following key updates:

TLP:CLEAR replaces TLP:WHITE for publicly releasable information.
TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information may be shared with the recipient’s organization only.
Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.

As CISA prepares to implement this update, we want to inform partners of the upcoming change and encourage all network defenders to adopt TLP Version 2.0 to facilitate greater information sharing and collaboration.

For more information on TLP, visit FIRST’s TLP webpage at www.first.org/tlp/. On November 1, 2022, CISA will update www.cisa.gov/tlp to reflect the TLP Version 2.0 changes.


CISA Releases Six Industrial Control Systems Advisories on 28/09/2022 at 4:52 pm

Original release date: September 28, 2022 | Last revised: September 29, 2022

CISA has released six (6) Industrial Control Systems (ICS) advisories on September 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:

ICSA-22-272-01 Hitachi Energy MicroSCADA Pro X SYS600_8DBD000106  
ICSA-22-272-02 Hitachi Energy MicroSCADA Pro X SYS600_8DBD000107  
ICSMA-22-251-01 Baxter Sigma Spectrum Infusion Pump (Update A)  
ICSA-22-235-01 ARC Informatique PcVue (Update A)  
ICSA-22-244-01 Delta Electronics DOPSoft (Update A)  
ICSA-21-182-03 Delta Electronics DOPSoft (Update B) 