CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

• CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability
• CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending dates.

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following five CVEs in the catalog and has removed them:

• CVE-2022-31459 Owl Labs Meeting Owl Inadequate Encryption Strength Vulnerability
• CVE-2022-31460 Meeting Owl Pro and Whiteboard Owl Hard-Coded Credentials Vulnerability
• CVE-2022-31461 Owl Labs Meeting Owl Missing Authentication for Critical Function Vulnerability
• CVE-2022-31462 Owl Labs Meeting Owl Use of Hard-coded Credentials Vulnerability
• CVE-2022-31463 Owl Labs Meeting Owl Improper Authentication Vulnerability

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

This week, CISA and the United Kingdom’s National Cyber Security Centre (UK-NCSC) held the Strategic Dialogue on Cybersecurity of Civil Society Under Threat of Transnational Repression.

The CR911 program is an initiative dedicated to addressing operational cybersecurity challenges faced by ECCs at various levels, including federal, state, local, tribal, and territorial (FSLTT).

For the 20th anniversary of Cybersecurity Awareness Month, CISA is highlighting different ways individuals and organizations can improve their cybersecurity habits to Secure Our World.

Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla security advisories for Thunderbird 115.3, Firefox ESR 115.3 and Firefox 118 for more information and apply the necessary updates.

Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The CSA details activity by cyber actors, known as BlackTech, linked to the People’s Republic of China (PRC). The advisory provides BlackTech tactics, techniques, and procedures (TTPs) and urges multinational corporations to review all subsidiary connections, verify access, and consider implementing zero trust models to limit the extent of a potential BlackTech compromise.

BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets.

CISA strongly recommends organizations review the advisory and implement the detection and mitigation techniques described to protect devices and networks. For additional guidance, see People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices and visit CISA’s China Cyber Threat Overview and Advisories page.