2023 Top Routinely Exploited Vulnerabilities

Source: US Department of Homeland Security

CVE-2023-3519 Citrix

NetScaler ADC and NetScaler Gateway:

13.1 before 13.1-49.13 

13.0 before 13.0-91.13 

NetScaler ADC:

13.1-FIPS before 13.1-37.159

12.1-FIPS before 12.1-55.297

12.1-NDcPP before 12.1-55.297

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Critical Security Update for NetScaler ADC and NetScaler Gateway

CVE-2023-4966 Citrix

NetScaler ADC and NetScaler Gateway:

14.1 before 14.1-8.50

13.1 before 13.1-49.15

13.0 before 13.0-92.19

NetScaler ADC:

13.1-FIPS before 13.1-37.164

12.1-FIPS before 12.1-55.300

12.1-NDcPP before 12.1-55.300

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

Critical Security Update for NetScaler ADC and NetScaler Gateway

CVE-2023-20198 Cisco

Any Cisco IOS XE Software with web UI feature enabled

Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature

Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

CVE-2023-27997 Fortinet

FortiOS-6K7K versions:

7.0.10, 7.0.5, 6.4.12

6.4.10, 6.4.8, 6.4.6, 6.4.2

6.2.9 through 6.2.13

6.2.6 through 6.2.7

6.2.4

6.0.12 through 6.0.16

6.0.10

Heap buffer overflow in sslvpn pre-authentication

CVE-2023-34362 Progress

MOVEit Transfer:

2023.0.0 (15.0)

2022.1.x (14.1)

2022.0.x (14.0)

2021.1.x (13.1)

2021.0.x (13.0)

2020.1.x (12.1)

2020.0.x (12.0) or older

MOVEit Cloud

MOVEit Transfer Critical Vulnerability

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

CVE-2023-22515 Atlassian

8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4

8.1.0, 8.1.1, 8.1.3, 8.1.4

8.2.0, 8.2.1, 8.2.2, 8.2.3

8.3.0, 8.3.1, 8.3.2

8.4.0, 8.4.1, 8.4.2

8.5.0, 8.5.1

Broken Access Control Vulnerability in Confluence Data Center and Server

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

CVE-2021-44228 (Log4Shell) Apache

Log4j, all versions from 2.0-beta9 to 2.14.1

For other affected vendors and products, see CISA’s GitHub repository.

Apache Log4j Security Vulnerabilities

For additional information, see joint advisory: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

CVE-2023-2868 Barracuda Networks

5.1.3.001 through 9.2.0.006

Barracuda Email Security Gateway Appliance (ESG) Vulnerability

CVE-2022-47966 Zoho

Multiple products, multiple versions. (For more details, see Security advisory for remote code execution vulnerability in multiple ManageEngine products)

Security advisory for remote code execution vulnerability in multiple ManageEngine products

CVE-2023-27350 PaperCut

PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms. This includes:

version 8.0.0 to 19.2.7 (inclusive)

version 20.0.0 to 20.1.6 (inclusive)

version 21.0.0 to 21.2.10 (inclusive)

version 22.0.0 to 22.0.8 (inclusive)

URGENT MF/NG vulnerability bulletin (March 2023)

Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG

CVE-2020-1472 Microsoft

Netlogon

Netlogon Elevation of Privilege Vulnerability

Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2023-23397 Microsoft

Outlook

Microsoft Outlook Elevation of Privilege Vulnerability

Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations

CVE-2023-49103 ownCloud

graphapi

Disclosure of Sensitive Credentials and Configuration in Containerized Deployments

CVE-2023-20273 Cisco

Cisco IOS XE Software with web UI feature enabled

Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature

Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

CVE-2023-42793 JetBrains

In JetBrains TeamCity before 2023.05.4

CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

CVE-2023-22518 Atlassian

All versions of Confluence Data Center and Confluence Server

Improper Authorization in Confluence Data Center and Server

CVE-2023-29492 — — —

CVE-2021-27860 FatPipe

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2

FatPipe CVE List

CVE-2021-40539 Zoho

ManageEngine ADSelfService Plus builds up to 6113

Security advisory – ADSelfService Plus authentication bypass vulnerability

ACSC Alert:

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors

CVE-2023-0669 Fortra

GoAnywhere versions 2.3 through 7.1.2

Fortra deserialization RCE

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

CVE-2021-22986 F5

BIG-IP versions:

16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2

K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986

CVE-2019-0708 Microsoft

Remote Desktop Services

Remote Desktop Services Remote Code Execution Vulnerability

CVE-2018-13379 Fortinet

FortiOS and FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6

FortiProxy – system file leak through SSL VPN special crafted HTTP resource requests

CVE-2023-35078 Ivanti

All supported versions of Endpoint Manager Mobile (EPMM), including:

Version 11.4 releases 11.10, 11.9 and 11.8

CVE-2023-35078 – New Ivanti EPMM Vulnerability

Threat Actors Exploiting Ivanti EPMM Vulnerabilities

CVE-2023-35081 Ivanti

All supported versions of Endpoint Manager Mobile (EPMM), including 11.10, 11.9 and 11.8

CVE-2023-35081 – Remote Arbitrary File Write

Threat Actors Exploiting Ivanti EPMM Vulnerabilities

CVE-2023-36844 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-36845 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-36846 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-36847 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution

CVE-2023-41064 Apple

Versions prior to:

iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10

About the security content of iOS 16.6.1 and iPadOS 16.6.1

About the security content of macOS Ventura 13.5.2

About the security content of iOS 15.7.9 and iPadOS 15.7.9

About the security content of macOS Monterey 12.6.9

About the security content of macOS Big Sur 11.7.10

CVE-2023-41061 Apple

Versions prior to:

watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1

About the security content of watchOS 9.6.2

About the security content of iOS 16.6.1 and iPadOS 16.6.1

CVE-2021-22205 GitLab

All versions starting from 11.9

RCE when removing metadata with ExifTool

CVE-2019-11510 Ivanti

Pulse Secure Pulse Connect Secure versions, 9.0R1 to 9.0R3.3, 8.3R1 to 8.3R7, and 8.2R1 to 8.2R12

SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX

CVE-2023-6448 Unitronics

VisiLogic versions before 9.9.00

Unitronics Cybersecurity Advisory 2023-001: Default administrative password

CVE-2017-6742 Cisco

Simple Network Management Protocol subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software

CVE-2021-4034 Red Hat

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

Red Hat Virtualization 4

Any Red Hat product supported on Red Hat Enterprise Linux (including RHEL CoreOS) is also potentially impacted.

RHSB-2022-001 Polkit Privilege Escalation – (CVE-2021-4034)

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2021-26084 Atlassian

Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Jira Atlassian: Confluence Server Webwork OGNL injection – CVE-2021-26084

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2021-33044 Dahua

Various products

—

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2021-33045 Dahua

Various products

—

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2022-3236 Sophos

Sophos Firewall v19.0 MR1 (19.0.1) and older

Resolved RCE in Sophos Firewall (CVE-2022-3236)

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2022-26134 Atlassian

Confluence Server and Data Center, versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1

Confluence Security Advisory 2022-06-02

Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

CVE-2022-41040 Microsoft

Microsoft Exchange servers

Microsoft Exchange Server Elevation of Privilege Vulnerability

CVE-2023-38831 RARLAB

WinRAR Versions prior to 6.23 Beta 1

WinRAR 6.23 Beta 1 Released

CVE-2019-18935 Progress Telerik

Telerik.Web.UI.dll versions:

Allows JavaScriptSerializer Deserialization

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers

CVE-2021-34473 Microsoft

Exchange Server, Multiple Versions:

Q1 2011 (2011.1.315) to R2 2017 SP1 (2017.2.621)

R2 2017 SP2 (2017.2.711) to R3 2019 (2019.3.917)

R3 2019 SP1 (2019.3.1023)

R1 2020 (2020.1.114) and later

Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

CISA Kicks Off Critical Infrastructure Security and Resilience Month 2024

Source: US Department of Homeland Security

In November CISA asks all Americans to “Resolve to be Resilient”

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the kickoff of Critical Infrastructure Security and Resilience (CISR) Month. The safety and security of the nation depends on the ability of critical infrastructure owners and operators to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions. That’s why this November we are continuing with our enduring theme of Resolve to be Resilient.

“We must build resilience into our preparedness planning year-around,” said Dr. David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “It’s a whole of community responsibility to prepare and secure the nation’s critical infrastructure and protect the vital services it provides, so when something does happen, we are better able to respond to and recover from any impacts.”

Throughout November, we’ll highlight how critical infrastructure organizations can integrate the following practices to help make our critical infrastructure secure, resilient, and able to bounce back quickly and build back stronger when disruptions occur:

  • Know Your Infrastructure and Dependencies. Organizations should identify their most critical systems and assets for their operations and understand potential dependencies on other infrastructure systems and assets that enable the continuity of their own operations.
  • Assess Your Risks. Consider the full range of threats and hazards that could disrupt your organization’s infrastructure operations and evaluate specific vulnerabilities and consequences the threats and hazards could pose.
  • Make Actionable Plans. Organizations should develop both a strategic risk management plan to reduce the risks and vulnerabilities identified and an actionable incident response and recovery plan to help withstand and rapidly restore operations with minimal downtime.
  • Measure Progress to Continuously Improve. Exercise incident response and recovery plans under realistic conditions and periodically evaluate and update strategic plans. An organization’s ability to proactively prepare for and adapt to changing risk conditions starts with fostering a culture of continuous improvement, based on lessons learned from exercises and real-world incidents.

As a nation, we are grappling with continued cyber and physical threats to critical infrastructure Americans rely on every day. We have seen increasing threats of violence; extended, record-breaking heat and destructive weather and fire events; global conflicts with ripple effects around the world, including civil disturbances at home; and rapid advances in technology that enable novel cybersecurity risks.   

CISR Month is CISA’s annual effort to educate and engage all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s security and why it is important to strengthen critical infrastructure resilience. Incorporating the resilience strategies above into planning helps protect lives and jobs, keeps communities connected, reduces economic disruptions to supply chains, and encourages innovative solutions to reduce harm to communities.

CISA encourages everyone to explore the resources on our Critical Infrastructure Security and Resilience (CISR) Month webpage, which includes a toolkit and social media graphics. In addition, be sure to follow us on social media and join the #BeResilient conversation.  

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

Statement from CISA Director Easterly on the Security of the 2024 Elections

Source: US Department of Homeland Security

WASHINGTON – Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly issued the following statement today on the security of the 2024 elections:

Over the past several weeks, citizens across our country came together to participate in our nation’s sacred democratic process by casting their ballots in the 2024 elections. I want to express my deep gratitude to the state and local election officials and the hundreds of thousands of Americans who served as poll workers yesterday. As the lead federal government agency for election infrastructure security, CISA is proud to call them partners. It is because of their tireless efforts that we can all have confidence in the security and resilience of our elections. 

As we have said repeatedly, our election infrastructure has never been more secure and the election community never better prepared to deliver safe, secure, free, and fair elections for the American people. This is what we saw yesterday in the peaceful and secure exercise of democracy. Importantly, we have no evidence of any malicious activity that had a material impact on the security or integrity of our election infrastructure.

Now, election officials will carry out their duty to certify the results and ensure that every eligible vote has been counted as cast. The United States government supported these partners throughout the election, bringing the full range of capabilities to bear in securing systems and pushing back against malicious actors seeking to disrupt our process and influence our election. CISA will continue to support our state and local partners as they move toward their certification deadlines and the official outcome of the 2024 elections.

###

Joint Statement from CISA and EAC in Support of State and Local Election Officials

Source: US Department of Homeland Security

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Election Assistance Commission (EAC) issued the following statement today.

“Tens of millions of Americans will cast their ballot tomorrow as we elect the next President and Vice President of the United States, as well as decide numerous congressional, state, and local races.  None of this would be possible without the hard work and dedication of state and local election officials in all 50 states, the District of Columbia, and the territories.  They have been working for years to get ready for tomorrow, and they will continue working long after the polls close in the evening.  They are the heroes of our democracy, and CISA and the EAC are proud to support them.

“We appreciate the partnership of the National Association of Secretaries of State and National Association of State Election Directors.  These organizations represent election officials serving every American.  We echo the sentiment in the statement they issued today.”

The full statement issued by NASS and NASED is as follows:

“We are proud to represent state and territorial election officials in all 50 states, the District of Columbia, and the five U.S. territories. Election officials make it possible for Americans to safely and securely participate in tomorrow’s general election. Planning for tomorrow’s election began four years ago, and the election community is prepared. Our members, along with their colleagues at the local level, have devoted extensive time, energy and resources to safeguard America’s elections.

“As with any Election Day, it is important to note operational issues may arise: for example, voting locations could open late, there could be lines during busy periods, or an area could lose power. These are inevitable challenges that will arise on Election Day, but election officials have contingency plans for these and other scenarios. Americans can have confidence the election is secure, and the results will be counted accurately.

“Remember election night results are always unofficial. While the focus on election night is on who won and who lost, those races are called by the media, not election officials. In the days and weeks to come, election officials will count every eligible ballot, including ballots cast in-person on or before Election Day, mail ballots, provisional ballots, and ballots cast by military and overseas voters. Accurately counting millions of ballots takes time and it is important to be patient. Some races will be close and may require a recount or a recanvass. Many election officials will also conduct audits to verify the accuracy of the results. We implore all Americans to understand these processes are normal and done in accordance with state and territorial law.

“There are thousands of state and local races on the ballot across the country, in addition to the presidential race. We encourage eligible voters who have not already cast their ballots to do so tomorrow.”

###

Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts

Source: US Department of Homeland Security

WASHINGTON, D.C. – Today, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement:

“The IC assesses that Russian influence actors manufactured a recent video that falsely depicted individuals claiming to be from Haiti and voting illegally in multiple counties in Georgia. This judgment is based on information available to the IC and prior activities of other Russian influence actors, including videos and other disinformation activities. The Georgia Secretary of State has already refuted the video’s claims as false.

Russian influence actors also manufactured a video falsely accusing an individual associated with the Democratic presidential ticket of taking a bribe from a U.S. entertainer.

This Russian activity is part of Moscow’s broader effort to raise unfounded questions about the integrity of the US election and stoke divisions among Americans, as detailed in prior ODNI election updates. In the lead up to election day and in the weeks and months after, the IC expects Russia to create and release additional media content that seeks to undermine trust in the integrity of the election and divide Americans.”

###

DHS Places Additional PRC-Based Textile Companies on the UFLPA Entity List

Source: US Department of Homeland Security

UFLPA Entity List Will Now Restrict Goods from 78 PRC-Based Companies from Entering the United States

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) announced the addition of textile companies based in the People’s Republic of China (PRC) to the Uyghur Forced Labor Prevention Act (UFLPA) Entity List. The additions reinforce DHS’s commitment to eradicate forced labor and ensure accountability for the PRC’s ongoing genocide and crimes against humanity against Uyghurs and other religious and ethnic minority groups in the Xinjiang Uyghur Autonomous Region (XUAR).

Effective November 1, 2024, U.S. Customs and Border Protection (CBP) will apply a rebuttable presumption that goods produced by Esquel Group, Guangdong Esquel Textile Co., Ltd., and Turpan Esquel Textile Co., Ltd. will be prohibited from entering the United States. The addition of these textile entities builds on DHS’s Textile Enforcement Plan and demonstrates the FLETF’s commitment to focus on entities in high priority sectors for enforcement under the UFLPA Strategy, including the apparel and cotton and cotton products sectors. In addition to this announcement, Changji Esquel Textile Co., Ltd. will also be removed from one section of the UFLPA Entity Lists and added to another. Goods produced by Changji Esquel Textile Co., Ltd. (also known as Changji Yida Textile Co., Ltd.) will continue to be subject to a rebuttable presumption that they are prohibited from entering the United States.

“Through today’s expansion of the Entity List, we enable American businesses to better assess their supply chains and ensure they do not profit, directly or indirectly, from the use of forced labor,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Our Department will continue to aggressively enforce the Uyghur Forced Labor Prevention Act and, in doing so, we stand up for human rights, safeguard a free and fair marketplace, and hold perpetrators accountable.”

The FLETF – chaired by DHS and whose member agencies also include the Office of the U.S. Trade Representative and the U.S. Departments of Commerce, Justice, Labor, State, and the Treasury – has now added 78 entities to the UFLPA Entity List since the UFLPA was signed into law in December 2021. The UFLPA Entity List includes companies that are active in the apparel, agriculture, polysilicon, plastics, chemicals, batteries, household appliances, electronics, seafood and textile sectors, among others. Identifying these additional entities provides U.S. importers with more information to conduct due diligence and examine their supply chains for risks of forced labor to ensure compliance with the UFLPA.

“We are uncompromising in removing forced labor from U.S. supply chains,” said Under Secretary for Policy Robert Silvers, who serves as chair of the Forced Labor Enforcement Task Force. “Our enforcement efforts are yielding results. Our Administration is committed to advancing this momentum and strengthening accountability across global supply chains.”

The FLETF has reasonable cause to believe, based on specific and articulable information, that the below entities meet the criteria for inclusion in the UFLPA Entity List under Section 2(d)(2)(B)(v) of the UFLPA, which identifies facilities and entities that source material from the XUAR or from persons working with the government of XUAR or the Xinjiang Production and Construction Corps for the purposes of the “poverty alleviation” program or the “pairing assistance” program or any other government labor scheme that uses forced labor.

Esquel Group (also known as Esquel China Holdings Limited) is a Hong Kong-based vertically integrated textile and apparel company that engages in cotton research, as well as ginning, spinning, knitting, weaving of cotton and cotton products, in the production of textiles, apparel and accessories, including packaging and merchandising of these products. Esquel Group includes a variety of subsidiaries also involved in cotton, textile, clothing, and other products manufacturing, production, and sales, including Changji Esquel Textile Co., Ltd., Turpan Esquel Textile Co., Ltd., and Guangdong Esquel Textile Co., Ltd. The FLETF has reasonable cause to believe, based on specific and articulable information, including publicly available information, that Esquel Group sources cotton from the XUAR. The FLETF therefore determined that the activities of Esquel Group satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v).

Guangdong Esquel Textile Co., Ltd. is a company based in Foshan City, Guangdong Province, that is engaged in the manufacture and processing of textiles and apparel. The FLETF has reasonable cause to believe, based on specific and articulable information, including publicly available information, that Guangdong Esquel Textile Co., Ltd. sources cotton from the XUAR. The FLETF therefore determined that the activities of Guangdong Esquel Textile Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v).

Turpan Esquel Textile Co., Ltd. is a company based in Turpan City, in the XUAR that is engaged in the production and sales of cotton and cotton yarn. The FLETF has reasonable cause to believe, based on specific and articulable information, including publicly available information, that Turpan Esquel Textile Co., Ltd. is sourcing cotton from the XUAR. The FLETF therefore determined that the activities of Turpan Esquel Textile Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v).

Changji Esquel Textile Co., Ltd. (also known as Changji Yida Textile Co., Ltd.) is a company based in Changji Prefecture, XUAR that is engaged in production and sales of cotton yarn. The company had been included as one of the original twenty entities named to the UFLPA Entity List in June 2022 as an entity that qualified for inclusion under Section 2(d)(2)(B)(i) of the UFLPA. The FLETF has removed Changji Esquel Textile Co., Ltd. from Section 2(d)(2)(B)(i) of the UFLPA Entity List as the FLETF has determined there is no longer reasonable cause to believe that Changji Esquel Textile Co. meets the criteria described in Section 2(d)(2)(B)(i) of the UFLPA. The FLETF, however, has reasonable cause to believe, based on specific and articulable information, including publicly available information, that Changji Esquel Textile Co., Ltd. sources cotton from the XUAR. The FLETF therefore determined that the activities of Changji Esquel Textile Co., Ltd. satisfy the criteria for addition to the UFLPA Entity List described in Section 2(d)(2)(B)(v).

The bipartisan Uyghur Forced Labor Prevention Act, signed into law by President Joseph R. Biden, Jr., in December 2021, mandates that CBP apply a rebuttable presumption that goods mined, produced, or manufactured wholly or in part in the XUAR or produced by entities identified on the UFLPA Entity List are prohibited from importation into the United States unless the Commissioner of CBP determines, by clear and convincing evidence, that the goods were not produced with forced labor. CBP began enforcing the UFLPA in June 2022. Since then, CBP has reviewed over 9,700 shipments valued at more than $3.5 billion under the UFLPA. Additionally, Homeland Security Investigations, through the DHS Center for Countering Human Trafficking, conducts criminal investigations into those engaging in or otherwise knowingly benefitting from forced labor, and collaborates with international partners to seek justice for victims.

Today’s announcement supports President Biden’s Memorandum on Advancing Worker Empowerment, Rights, and High Labor Standards Globally. The memorandum represents the first whole-of-government approach to advance workers’ rights by directing federal agencies engaged abroad to advance internationally recognized labor rights, which includes DHS’s work implementing the UFLPA.

You can read more about the FLETF by visiting: https://www.dhs.gov/uflpa  

CISA Releases Its First Ever International Strategic Plan

Source: US Department of Homeland Security

CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure 

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first, which supports the agency’s first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience. The International Strategic Plan focuses on how CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure.  

“In following this plan, CISA will improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” said CISA Director Jen Easterly. 

Since the risks we face are complex, geographically dispersed and do not abide by borders, protecting and securing our cyber and physical infrastructure requires the concerted efforts of public and private partners around the globe. Our International Strategic Plan outlines three goals CISA must achieve to address the ever-changing and dynamic challenges facing America and our international partners: 

  • Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends;  
  • Strengthen Integrated Cyber Defense; and  
  • Unify Agency Coordination of International Activities.   

Read CISA’s International Strategic Plan to learn more.  

###

About CISA 

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

CISA Launches #PROTECT2024 Election Threat Updates Webpage

Source: US Department of Homeland Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) launched a new one-stop shop website for election threat updates from CISA and our federal government partners. As foreign actors continue their efforts to influence and interfere with the 2024 elections, CISA is ensuring that information about the election threat environment is readily accessible.

Part of the larger #Protect2024 site launched in January, the page aims to make it easier to find specific threat-related products that the American public can use to stay informed and the election community can use to prepare, including:

  • Joint Statements from CISA, ODNI and FBI on threats to the 2024 election
  • ODNI Election Threat Updates
  • FBI and CISA “Just So You Know” Joint PSA Series

Since its initial launch, #Protect2024 has quickly grown and serves as the central point for critical resources, training lists and security services to support more than 8,000 election jurisdictions for the 2024 election cycle.

Additional resources will be made available on this page as they are released. For more information, please continue to visit #Protect2024.

###

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications

Source: US Department of Homeland Security

WASHINGTON: The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China. 

After the FBI identified specific malicious activity targeting the sector, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) immediately notified affected companies, rendered technical assistance, and rapidly shared information to assist other potential victims. The investigation is ongoing, and we encourage any organization that believes it might be a victim to engage its local FBI field office or CISA.

Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector.

###

DHS Conducts Removal Flight to the Republic of India

Source: US Department of Homeland Security

WASHINGTON – On October 22, the U.S. Department of Homeland Security (DHS), through U.S. Immigration and Customs Enforcement (ICE), conducted a large-frame charter removal flight to the Republic of India of Indian nationals who did not establish a legal basis to remain in the United States. This week’s flight demonstrates the Department’s continued commitment to pursuing sustained cooperation with the Indian government and other international partners to reduce and deter irregular migration and jointly work to counter human smuggling.

DHS continues to enforce U.S. immigration laws and deliver tough consequences for those who enter unlawfully. This includes swiftly returning those without a legal basis to remain in the United States, while encouraging the use of lawful pathways. Since June 2024, when the Securing the Border Presidential Proclamation and accompanying Interim Final Rule went into effect, encounters between ports of entry along the southwest border have decreased by 55%. In Fiscal Year 2024, DHS removed or returned over 160,000 individuals and operated more than 495 international repatriation flights to more than 145 countries—including India. 

“Indian nationals without a legal basis to remain in the United States are subject to swift removal, and intending migrants should not fall for the lies of smugglers who proclaim otherwise,” said Senior Official Performing the Duties of the Deputy Secretary of Homeland Security Kristie A. Canegallo. “The Department of Homeland Security will continue to enforce our nation’s laws.”  

DHS regularly engages with foreign governments throughout the hemisphere and around the world to accept repatriations of their nationals without a legal basis to remain in the United States. This is one tool among many DHS uses to reduce irregular migration, promote the use of safe, lawful, and orderly pathways, and hold transnational criminal networks accountable for smuggling and exploitation of vulnerable people. Over the last year, DHS has removed individuals to a range of countries around the world, including Colombia, Ecuador, Peru, Egypt, Mauritania, Senegal, Uzbekistan, the PRC, and India. As a result of these efforts, DHS removed or returned more individuals in FY2024 than any year since FY2010, and DHS continues to expand removal flights operations.