#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

CISA | Breaking Cybersecurity News | The Hacker News

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack
Feb 03, 2023 Vulnerability Management
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2  added  two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is  CVE-2022-21587  (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product. "Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator," CISA  said . The issue was addressed by Oracle as part of its Critical Patch Update released in October 2022. Not much is known about the nature of the attacks exploiting the vulnerability, but the development follows the publication of a proof-of-concept (PoC) by cybersecurity firm Viettel on January 16, 2023. The second security flaw to be added to the KEV catalog is  CVE-2023-22952  (CVSS score:

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers

CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
Jan 16, 2023 Industrial Control Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS)  advisories  warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code,"  according to CISA . This includes CVE-2022-45444 (CVSS score: 10.0), a case of hard-coded passwords for select users in the application's database that potentially grant remote adversaries unrestricted access. Also notable are two command injection flaws (CVE-2022-47911 and CVE-2022-43483, CVSS scores: 9.1) and an out-of-bounds write vulnerability (CVE-2022-41989, CVSS score: 9.1) that could result in denial-of-service condition or code execution. The vulnerabilities

CISA Warns of Active exploitation of JasperReports Vulnerabilities

CISA Warns of Active exploitation of JasperReports Vulnerabilities
Dec 30, 2022 Patch Management
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  added  two years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The flaws, tracked as  CVE-2018-5430  (CVSS score: 7.7) and  CVE-2018-18809  (CVSS score: 9.9), were addressed by TIBCO in April 2018 and March 2019, respectively. TIBCO  JasperReports  is a Java-based reporting and data analytics platform for creating, distributing, and managing reports and dashboards. The first of the two issues, CVE-2018-5430, relates to an  information disclosure bug  in the server component that could enable an authenticated user to gain read-only access to arbitrary files, including key configurations. "The impact includes the possible read-only access by authenticated users to web application configuration files that contain the credentials used by the server," TIBCO noted at the time. "Tho

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs
Dec 02, 2022 ICS Security / Encryption
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency  said . GX Works3  is an  engineering workstation  software used in ICS environments, acting as a mechanism for uploading and downloading programs from/to the controller, troubleshooting software and hardware issues, and performing maintenance operations. The wide range of functions also makes the platform an attractive target for threat actors looking to compromise such systems to commandeer the  managed PLCs . Three of the 10 shortcomings relate to cleartext storage of sensitive data, four relate to the use of a hard-coded cr

What the CISA Reporting Rule Means for Your IT Security Protocol

What the CISA Reporting Rule Means for Your IT Security Protocol
Dec 02, 2022 Incident Reporting / Password Policy
The new  Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)  requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. The RFI and hearings precede a Notice of Proposed Rulemaking (NPRM) that CISA must publish sooner than  24 months  from the enactment of CIRCIA, which the President signed into law  in March . The sessions and NPRM are steps toward creating the new rule.  CISA is  soliciting expert opinion on what to include  in a report but is taking steps to implement the change soon. Here's what that change means for businesses in the US and what you can do about it now.  Overview of the CISA reporting rule  Owners and operators of critical infrastructure must file cyber incident reports with CISA  within 72 hours . They must report ransom payments for ransomware attacks  within 24 hours . Other businesses can take part voluntarily.  The CISA Director can  subpoena  organizations in noncompliance to compel

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities

Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
Dec 02, 2022 Data Security / Incident Response
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies  highlighted  a "sharp increase in both the number of compromised U.S. entities and the ransom amounts." The ransomware crew, also known as  Tropical Scorpius , has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks. It's worth noting that despite the name "Cuba," there is no evidence to suggest that the actors have any connection or affiliation with the island country. The entry point for the attacks involves the exploitation of known security flaws, phishing,

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability
Nov 29, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation. The vulnerability, tracked as  CVE-2021-35587 , carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0. Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances. "It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang ( Janggggg ), who reported the bug alongside  peterjson ,  noted  earlier this March. The issue was addressed by Oracle as part of its  Critical Patch Update  in January 2022. Additional details regarding the natu

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide
Nov 18, 2022
The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and intelligence authorities  said  in an alert. Active since June 2021, Hive's RaaS operation involves a mix of developers, who create and manage the malware, and affiliates, who are responsible for conducting the attacks on target networks by often purchasing initial access from initial access brokers (IABs). In most cases, gaining a foothold involves the exploitation of  ProxyShell flaws  in Microsoft Exchange Server, followed by taking steps to terminate processes associated with antivirus engi

Iranian Hackers Compromised a U.S. Federal Agency's Network Using Log4Shell Exploit

Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit
Nov 17, 2022
Iranian government-sponsored threat actors have been blamed for compromising a U.S. federal agency by taking advantage of the Log4Shell vulnerability in an unpatched VMware Horizon server. The details, which were shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), come in response to incident response efforts undertaken by the authority from mid-June through mid-July 2022. "Cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server, installed XMRig crypto mining software, moved laterally to the domain controller (DC), compromised credentials, and then implanted Ngrok reverse proxies on several hosts to maintain persistence," CISA  noted . LogShell, aka  CVE-2021-44228 , is a critical remote code execution flaw in the widely-used Apache Log4j Java-based logging library. It was addressed by the open source project maintainers in December 2021. The latest development  marks  the  continued   abuse  of the Log4j v

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software

CISA Warns of Critical Vulnerabilities in 3 Industrial Control System Software
Nov 04, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  published  three Industrial Control Systems (ICS) advisories about multiple vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation. Prominent among them is a set of three flaws affecting ETIC Telecom's Remote Access Server (RAS), which "could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines," CISA said. This includes CVE-2022-3703 (CVSS score: 9.0), a critical flaw that stems from the RAS web portal's inability to verify the authenticity of firmware, thereby making it possible to slip in a rogue package that grants backdoor access to the adversary. Two other flaws relate to a directory traversal bug in the RAS API (CVE-2022-41607, CVSS score: 8.6) and a file upload issue (CVE-2022-40981, CVSS score: 8.3) that can be exploited to read arbitrary files and upload malicious files that can compromise th

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi
Oct 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS)  advisories  pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution." The list of issues, which affect R-SeeNet Versions 2.4.17 and prior, is as follows - CVE-2022-3385 and CVE-2022-3386  (CVSS scores: 9.8) - Two stack-based buffer overflow flaws that could lead to remote code execution CVE-2022-3387  (CVSS score: 6.5) - A path traversal flaw that could enable a remote attacker to delete arbitrary PDF files Patches have been made available in version  R-SeeNet version 2.4.21  released on September 30, 2022. Also published by CISA is an update to a December 2021 advisory about multiple flaws in Hitac

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization
Oct 05, 2022
U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base (DIB) Sector organization's enterprise network" as part of a cyber espionage campaign. "[Advanced persistent threat] actors used an open-source toolkit called  Impacket  to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities  said . The  joint advisory , which was authored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), said the adversaries likely had long-term access to the compromised environment. The findings are the result of CISA's incident response efforts in collaboration with cybersecurity company Mandiant from November 2021 through January 2022. I

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
Oct 04, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of assets and vulnerabilities on their networks six months from now. To that end, Federal Civilian Executive Branch (FCEB) enterprises have been tasked with two sets of activities: Asset discovery and vulnerability enumeration, which are seen as essential steps to gain "greater visibility into risks facing federal civilian networks." This  involves  carrying out automated asset discovery every seven days and initiating vulnerability enumeration across those discovered assets every 14 days by April 3, 2023, in addition to having the capabilities to do so on an on-demand basis within 72 hours of receiving a request from CISA. Similar baseline vulnerability enumeration obligations have also been put in place for Android and iOS devices as well as other devices that reside outside of agency on-premise

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
Sep 23, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday  added  a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities ( KEV ) Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability which allows for remote code execution," the agency said in a notice. The  critical vulnerability , tracked as  CVE-2022-35405 , is rated 9.8 out of 10 for severity on the CVSS scoring system, and was patched by Zoho as part of updates released on June 24, 2022. Although the exact nature of the flaw remains unknown, the India-based enterprise solutions company  said  it addressed the issue by removing the vulnerable components that could lead to the remote execution of arbitrary code. Zoho has also warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability, making it imperative that customers move

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units

Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units
Sep 21, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency  said  in a notice. Credited with disclosing the flaws is industrial cybersecurity firm Claroty, which  said  the weaknesses could be remotely triggered "either through a direct web connection to the device or via the cloud." iBoot-PDU  is a power distribution unit (PDU) that provides users with real-time monitoring capabilities and sophisticated alerting mechanisms via a web interface so as to control the power supply to devices and other equipment in an OT environment. The vulnerabilities assume new significance when taking into consid

Warning: PyPI Feature Executes Code Automatically After Python Package Download

Warning: PyPI Feature Executes Code Automatically After Python Package Download
Sep 02, 2022
In another finding that could expose developers to increased risk of a supply chain attack, it has emerged that nearly one-third of the packages in PyPI, the Python Package Index, trigger automatic code execution upon downloading them. "A worrying feature in pip/PyPI allows code to automatically run when developers are merely downloading a package," Checkmarx researcher Yehuda Gelb  said  in a technical report published this week. "Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates." One of the ways by which packages can be installed for Python is by executing the " pip install " command, which, in turn, invokes a file called "setup.py" that comes bundled along with the module. "setup.py," as the name implies, is a  setup script  that's used to specify metadata associated wit

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
Aug 29, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added 10 new actively exploited vulnerabilities to its  Known Exploited Vulnerabilities (KEV) Catalog , including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked as  CVE-2021-38406  (CVSS score: 7.8), impacts DOPSoft 2 versions 2.00.07 and prior. A successful exploitation of the flaw may lead to arbitrary code execution. "Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution," CISA said in an alert. It's worth noting that CVE-2021-38406 was originally disclosed as part of an industrial control systems (ICS) advisory  published  in September 2021. However, there are no patches that address the vulnerability, with CISA noting that the "impacted product is end-of-life and shoul

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability
Aug 23, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a security flaw impacting Palo Alto Networks PAN-OS to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The high-severity vulnerability, tracked as  CVE-2022-0028  (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks. "If exploited, this issue would not impact the confidentiality, integrity, or availability of our products," Palo Alto Networks said in an alert. "However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. The weakness impacts the following product versions and has been addressed as part of updates released this month - PAN-OS 10.2 (version < 10.2.2-h2) PAN-OS 10.1 (version < 10.1.6-h6) PAN-O

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog
Aug 20, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday moved to add a  critical SAP security flaw  to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The issue in question is  CVE-2022-22536 , which has received the highest possible risk score of 10.0 on the CVSS vulnerability scoring system and was addressed by SAP as part of its Patch Tuesday updates for February 2022. Described as an HTTP request smuggling vulnerability, the shortcoming impacts the following product versions - SAP Web Dispatcher (Versions - 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86, 7.87) SAP Content Server (Version - 7.53) SAP NetWeaver and ABAP Platform (Versions - KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49) "An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog

CISA Adds Zimbra Email Vulnerability to its Exploited Vulnerabilities Catalog
Aug 05, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its  Known Exploited Vulnerabilities Catalog , citing  evidence of active exploitation . The issue in question is  CVE-2022-27924  (CVSS score: 7.5), a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information. "Zimbra Collaboration (ZCS) allows an attacker to inject memcached commands into a targeted instance which causes an overwrite of arbitrary cached entries," CISA said. Specifically, the bug relates to a case of insufficient validation of user input that, if successfully exploited, could enable attackers to steal cleartext credentials from users of targeted Zimbra instances. The issue was  disclosed  by SonarSource in June, with  patches  released by Zimbra on May 10, 2022, in versions 8.8.15 P31.1 and 9.0.0 P24.1. CISA hasn
More Resources