The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates.
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.
SolarWinds has released an advisory addressing a vulnerability—CVE-2021-35211—affecting Serv-U Managed File Transfer and Serv-U Secure FTP. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Note: this vulnerability does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.
Kaseya has released VSA version 9.5.7a for their VSA On-Premises software. This version addresses vulnerabilities that enabled the ransomware attacks on Kaseya’s customers.
CISA strongly urges Kaseya customers to closely follow the instructions detailed in the Kaseya security notice and to contact Kaseya should they require implementation assistance. Note: the Kaseya security notice includes Startup Runbooks and Hardening and Best Practice Guides for both VSA On-Premises and VSA SaaS.
Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability (CVE-2021-35464) in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this vulnerability can execute commands in the context of the current user. The vulnerability affects Access Management versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 and older unsupported versions.
CISA recommends Access Management users: