Category: alerts
Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.
CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability], directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228.
Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations review ED 22-02 for mitigation guidance. For additional details, see CISA’s webpage Apache Log4j Vulnerability Guidance.
Â
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has announced the joint National Security Agency (NSA) and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time integrity, and build time security to ensure that 5G cloud resources are not modified without authorization. This series was published under the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA.
CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations. See CISA’s 5G Security and Resilience webpage for more information.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Â
CVE Number | CVE Title | Remediation Due Date |
CVE-2021-43890 | Microsoft Windows AppX Installer Spoofing Vulnerability | 12/29/2021 |
CVE-2021-4102 | Google Chromium V8 Engine Use-After-Free Vulnerability | 12/29/2021 |
Â
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.Â
This product is provided subject to this Notification and this Privacy & Use policy.
In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to provide critical infrastructure leaders with steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.
CISA encourages leadership at all organizations—and critical infrastructure owners and operators in particular—to review the CISA Insights and adopt a heighted state of awareness.
This product is provided subject to this Notification and this Privacy & Use policy.