Current Activity

Codecov Releases New Detections for Supply Chain Compromise

Original release date: April 30, 2021CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader…

Comments Off

April 30, 2021

Current Activity

CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities

Original release date: April 29, 2021CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries.…

Comments Off

April 29, 2021

Current Activity

CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

Original release date: April 26, 2021A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code…

Comments Off

April 27, 2021

Current Activity

FBI-DHS-CISA Joint Advisory on Russian Foreign Intelligence Service Cyber Operations

Original release date: April 26, 2021The Federal Bureau of Investigation (FBI), Department of Homeland Security, and CISA have released a Joint Cybersecurity Advisory (CSA) addressing Russian Foreign Intelligence Service (SVR) cyber…

Comments Off

April 27, 2021

Current Activity

CISA Incident Response to SUPERNOVA Malware

Original release date: April 22, 2021CISA has released AR21-112A: CISA Identifies SUPERNOVA Malware During Incident Response to provide analysis of a compromise in an organization’s enterprise network by an advance…

Comments Off

April 22, 2021

Current Activity

SonicWall Releases Patches for Email Security Products

Original release date: April 21, 2021CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control…

Comments Off

April 21, 2021

Current Activity

CISA Issues Emergency Directive on Pulse Connect Secure

Original release date: April 20, 2021CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An…

Comments Off

April 21, 2021

Current Activity

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

Original release date: April 20, 2021CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations. In response,…

Comments Off

April 20, 2021

Current Activity

Oracle Releases April 2021 Critical Patch Update

Original release date: April 20, 2021Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these…

Comments Off

April 20, 2021

Current Activity

CISA and CNMF Analysis of SolarWinds-related Malware

Original release date: April 15, 2021CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of…

Comments Off

April 15, 2021