- Citrix Releases Security Updates for Hypervisor
- CISA Releases Cloud Security Technical Reference Architecture
- Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
- CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
- Keeping PowerShell: Measures to Use and Embrace
- Google Releases Security Updates for Chrome
_______________________________
Citrix Releases Security Updates for Hypervisor
Situation:
Citrix has released security updates.
Problem:
Current versions have vulnerabilities that could affect Hypervisor.
Implication:
An attacker could exploit one of these vulnerabilities to take control of an affected system.
Need:
We strongly encourage users and administrators to review Citrix Security Update CTX460064 and apply the necessary updates as soon as possible.
Additional Resources:
CISA Bulletin:
Citrix Security Update CTX460064:
https://support.citrix.com/article/CTX460064/citrix-hypervisor-security-update
________________________________
CISA Releases Cloud Security Technical Reference Architecture
Situation:
CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud.
Problem:
Agencies are uninformed about the advantages and inherent risks of adopting cloud-based services as they begin to implement zero trust architectures.
Implication:
Uninformed organizations are less able to identify, detect, protect against, respond to, and recover from cyber incidents.
Need:
We encourage organizations that are involved in cloud migration to review and implement the Cloud Security (CS) Technical Reference Architecture (TRA).
Additional Resources:
CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/23/cisa-releases-cloud-security-technical-reference-architecture
Executive Order 14028, Improving the Nation’s Cybersecurity:
Cloud Security (CS) Technical Reference Architecture (TRA):
________________________________
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems
Situation:
CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders of the exploitation of CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) servers.
Problem:
Cyber threat actors continue to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon and Unified Access Gateway (UAG) to obtain initial access to organizations that did not apply available patches.
Implication:
An attacker could exploit the Log4Shell vulnerability to take control of an affected system.
Need:
CISA and CGCYBER strongly encourage users and administrators to update all affected VMware Horizon and UAG systems to the latest versions.
Additional Resources:
Link to CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/23/malicious-cyber-actors-continue-exploit-log4shell-vmware-horizon
Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems:
https://www.cisa.gov/uscert/ncas/alerts/aa22-174a
VMware’s release of updates for Log4Shell:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
________________________________
CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report
Situation:
Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities.
Problem:
The vulnerabilities are caused by insecure-by-design practices in operational technology across multiple vendors.
Implication:
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
CISA encourages users and administrators to review the OT:ICEFALL report as well as the following ICSAs for technical details and mitigations.
- ICSA-22-172-02 : JTEKT TOYOPUC
- ICSA-22-172-03 : Phoenix Contact Classic Line Controllers
- ICSA-22-172-04 : Phoenix Contact ProConOS and MULTIPROG
- ICSA-22-172-05 : Phoenix Contact Classic Line Industrial Controllers
- ICSA-22-172-06 : Siemens WinCC OA
Additional Resources:
Link to CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/22/cisa-releases-security-advisories-related-oticefall-insecure
OT:ICEFALL:
https://www.forescout.com/research-labs/ot-icefall/
________________________________
Keeping PowerShell: Measures to Use and Embrace
Situation:
Cybersecurity authorities from the United States, New Zealand, and the United Kingdom have released a joint Cybersecurity Information Sheet (CIS) on PowerShell.
Problem:
It is not always possible for an organization to disable PowerShell entirely.
Implication:
Malicious actors frequently use PowerShell after gaining access to victim networks in order to carry out actions on their objective.
Need:
Organizations should review the CIS recommendations (link below) for proper configuration and monitoring of PowerShell. These recommendations will help defenders detect and prevent abuse by malicious cyber actors, while enabling legitimate use by administrators and defenders.
Additional Resources:
Link to CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/22/keeping-powershell-measures-use-and-embrace
Keeping PowerShell:
________________________________
Google Releases Security Updates for Chrome
Situation:
Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux.
Problem:
Earlier versions contain vulnerabilities that an attacker could exploit to take control of an affected system.
Implication:
This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
Need:
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.
Additional Resources:
Stable Channel update for desktop:
https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html