The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

Updates on Microsoft Exchange Server Vulnerabilities

CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.

Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments

Aviary is a new dashboard that CISA and partners developed to help visualize and analyze outputs from its Sparrow detection tool released in December 2020. Sparrow helps network defenders detect possible compromised accounts and applications in Azure/Microsoft O365 environments. CISA created Sparrow to support hunts for threat activity following the SolarWinds compromise. Aviary—a Splunk-based dashboard—facilitates analysis of Sparrow data outputs.

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
 
CISA encourages users and administrators to review the following Cisco Advisory and apply the necessary updates:

Malicious Cyber Activity Targeting Critical SAP Applications

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain management.  

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware Carbon Black Cloud Workload appliance. A remote attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-005 and apply the necessary updates.

FBI-CISA Joint Advisory on Exploitation of Fortinet FortiOS Vulnerabilities

The Federal Bureau of Investigation (FBI) and CISA have released a Joint Cybersecurity Advisory (CSA) to warn users and administrators of the likelihood that advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.