Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
macOS Ventura 13.3
Safari 16.4
Studio Display Firmware Update 16.4
iOS 15.7.4 and iPadOS 15.7.4
tvOS 16.4
macOS Big Sur 11.7.5
iOS 16.4 and iPadOS 16.4
macOS Monterey 12.6.4
watchOS 9.4
Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we’d welcome your feedback.
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:
Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
Query, export, and investigate AAD, M365, and Azure configurations.
Extract cloud artifacts from Microsoft’s AAD, Azure, and M365 environments without performing additional analytics.
Perform time bounding of the UAL.
Extract data within those time bounds.
Collect and review data using similar time bounding capabilities for MDE data.
Untitled Goose Tool was developed by CISA with support from Sandia National Laboratories. Network defenders can see the Untitled Goose Tool fact sheet and visit the Untitled Goose Tool GitHub repository to get started.
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability cisco-sa-ipv4-vfr-dos-CXxtFacb
Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability cisco-sa-iox-priv-escalate-Xg8zkyPk
Cisco IOS XE SD-WAN Software Command Injection Vulnerability cisco-sa-ios-xe-sdwan-VQAhEjYw
Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability cisco-sa-ios-gre-crash-p6nE5Sq5
Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability cisco-sa-ios-dhcpv6-dos-44cMvdDK
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability cisco-sa-ewlc-dos-wFujBHKw
Cisco DNA Center Privilege Escalation Vulnerability cisco-sa-dnac-privesc-QFXe74RS
Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability cisco-sa-c9300-spi-ace-yejYgnNQ
Cisco Access Point Software Association Request Denial of Service Vulnerability cisco-sa-ap-assoc-dos-D2SunWK2
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-082-01 RoboDK
ICSA-23-082-02 CP-Plus KVMS Pro
ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations
ICSA-23-082-04 Schneider Electric IGSS
ICSA-23-082-05 ABB Pulsar Plus Controller
ICSA-23-082-06 ProPump and Controls Osprey Pump Controller
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With pre-ransomware notifications, organizations can receive early warning and potentially evict threat actors before they can encrypt and hold critical data and systems for ransom. Using this proactive cyber defense capability, CISA has notified more than 60 entities of early-stage ransomware intrusions since January 2023, including critical infrastructure organizations in the Energy, Healthcare and Public Health, and Water and Wastewater Systems sectors, as well as the education community.
The pre-encryption ransomware notification was cultivated with the help of the cybersecurity research community and through CISA’s relationships with infrastructure providers and cyber threat intelligence companies.
For more information, visit #StopRansomware. To report early-stage ransomware activity, visit Report Ransomware. CISA also encourages stakeholders and network defenders to review Associate Director Romans’ post, Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs, to learn more about CISA’s Pre-Ransomware Notification Initiative.
As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).
IAM—a framework of business processes, policies, and technologies that facilitate the management of digital identities—ensures that users only gain access to data when they have the appropriate credentials. This paper provides recommended best practices and mitigations to counter threats to IAM related to:
identity governance
environmental hardening
identity federation/single sign-on
multifactor authentication
IAM auditing and monitoring
This guidance was developed and published by a CISA- and NSA-led working panel with ESF, a public-private cross-sector partnership that aims to address risks that threaten critical infrastructure and national security systems.
CISA released eight Industrial Control Systems (ICS) advisories on March 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-23-080-01 Keysight N6854A Geolocation Server and N6841A RF Sensor
ICSA-23-080-02 Delta Electronics InfraSuite Device Master
ICSA-23-080-03 Siemens RUGGEDCOM APE1808 Product Family
ICSA-23-080-04 Siemens RADIUS Client of SIPROTEC 5 Devices
ICSA-23-080-05 VISAM VBASE Automation Base
ICSA-23-080-06 Rockwell Automation ThinManager
ICSA-23-080-07 Siemens SCALANCE Third-Party
ICSA-21-343-01 Hitachi Energy GMS600, PWC600, and Relion (Update A)
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
Today, we published stakeholder-based updates to the Cybersecurity Performance Goals (CPGs). Originally released last October, the CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The CPGs have been reorganized, reordered and renumbered to align closely with NIST CSF functions (Identify, Protect, Detect, Respond, and Recover) to help organizations more easily use the CPGs to prioritize investments as part of a broader cybersecurity program built around the CSF.
CISA urges stakeholders to review and learn more by visiting Cross-Sector Cybersecurity Performance Goals.
Drupal has released a security advisory to address an access bypass vulnerability affecting multiple Drupal versions. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Drupal security advisory SA-CONTRIB-2023-004 for more information and apply the necessary updates.
The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. This joint advisory details known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) that FBI investigations correlated with LockBit 3.0 ransomware as recently as March 2023. LockBit 3.0 functions as an affiliate-based ransomware variant and is a continuation of LockBit 2.0 and LockBit.
CISA encourages network defenders to review and apply the recommendations in the Mitigations section of this CSA. See StopRansomware.gov for additional guidance on ransomware protection, detection, and response.