The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Adobe Releases Security Update for Media Encoder

Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletin and apply the necessary update.

Iran-Based Threat Actor Exploits VPN Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); tactics, techniques, and procedures (TTPs); and exploited Common Vulnerabilities and Exposures (CVEs).

CISA encourages users and administrators to review the following resources for more information.

Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access.

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools.