Lucene search
K

8 matches found

Malwarebytes
Malwarebytes
added 2024/02/02 2:18 p.m.41 views

CISA: Disconnect vulnerable Ivanti products TODAY

In an emergency directive, the Cybersecurity and Infrastructure Security Agency CISA has ordered all federal agencies to disconnect all instances of Ivanti Connect Secure and Policy Secure solution products from agency networks no later than 11:59PM on Friday February 2, 2024. Besides the Ivanti...

6.5CVSS7.3AI score0.99999EPSS
Exploits26
Malwarebytes
Malwarebytes
added 2022/10/06 11:0 a.m.10 views

BOD 23-01: Improving asset visibility and vulnerability detection on federal networks

On October 3, 2022, the Cybersecurity and Infrastructure Security Agency CISA issued Binding Operational Directive 23-01 BOD 23-10. This directive requires all Federal Civilian Executive Branch FCEB entities to maintain an inventory of all IPv4- and IPv6-networked assets, perform regular, periodi...

0.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/02/23 5:39 a.m.1210 views

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any...

10CVSS0.6AI score0.99999EPSS
Exploits2416
The Hacker News
The Hacker News
added 2021/12/03 9:23 a.m.58 views

Why Everyone Needs to Take the Latest CISA Directive Seriously

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the...

7.8CVSS8.5AI score0.65005EPSS
Exploits8
ThreatPost
ThreatPost
added 2021/11/09 9:41 p.m.92 views

Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...

9.8CVSS9.2AI score0.99999EPSS
Exploits75References20
The Hacker News
The Hacker News
added 2021/05/04 7:52 a.m.129 views

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack

Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 CVSS score 10, the flaw concerns "multiple us...

10CVSS1.6AI score0.47172EPSS
Exploits9
Schneier on Security
Schneier on Security
added 2020/12/17 8:18 p.m.27 views

More on the SolarWinds Breach

The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update -­ a Trojan horse of sorts ­- that gave its hackers a foothold into victims systems, according to SolarWinds, the company whose software was compromised. Among those who use...

0.3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/06 7:44 p.m.43 views

Grindr's Bug Bounty Pledge Doesn't Translate to Security

SAS@Home 2020– After a Grindr security flaw was disclosed this week, the dating site promised it would launch a bug-bounty program in an effort to “keep its service secure.” But Katie Moussouris, CEO of Luta Security and a bug bounty program expert, warned at this week’s SAS@home virtual event th...

7.6AI score
Exploits0References15
Rows per page
Query Builder