
4188 matches found

CISA
added 2021/08/04 12:0 a.m. | 22 views

Google Releases Security Updates for Chrome

Google has released Chrome version 92.0.4515.131 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

6.9 AI score
Exploits: 0 | References: 1
CISA
added 2021/07/02 12:0 a.m. | 22 views

Kaseya VSA Supply-Chain Ransomware Attack

CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shut down VSA...

6.9 AI score
Exploits: 0 | References: 1
CISA
added 2021/04/27 12:0 a.m. | 22 views

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...

6.9 AI score
Exploits: 0 | References: 1
CISA
added 2021/03/04 12:0 a.m. | 22 views

Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS

The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishin...

6.8 AI score
Exploits: 0 | References: 1
CISA
added 2021/02/24 12:0 a.m. | 22 views

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86,...

7.1 AI score
Exploits: 0 | References: 3
CISA
added 2021/01/14 12:0 a.m. | 22 views

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories...

7.1 AI score
Exploits: 0 | References: 1
CISA
added 2021/01/12 12:0 a.m. | 22 views

SAP Releases January 2021 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for January 2021 and apply the necessa...

6.7 AI score
Exploits: 0 | References: 1
CISA
added 2020/11/19 12:0 a.m. | 22 views

VMware Releases Security Updates for VMware SD-WAN Orchestrator

VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN Orchestrator. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

7.1 AI score
Exploits: 0 | References: 1
CISA
added 2020/08/11 12:0 a.m. | 22 views

Microsoft Releases August 2020 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

7.1 AI score
Exploits: 0 | References: 2
CISA
added 2020/02/28 12:0 a.m. | 22 views

National Consumer Protection Week

National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams...

6.9 AI score
Exploits: 0 | References: 4
CISA
added 2019/12/02 12:0 a.m. | 22 views

CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft of Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy (VDP). CISA has posted the draft...

6.6 AI score
Exploits: 0 | References: 2
CISA
added 2019/08/13 12:0 a.m. | 22 views

Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

7.6 AI score
Exploits: 0 | References: 7
CISA
added 2019/03/14 12:0 a.m. | 22 views

Microsoft Releases Security Update for Azure Linux Guest Agent

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft...

4 CVSS | 1.9 AI score | 0.05255 EPSS
Exploits: 0 | References: 1
CISA
added 2019/01/24 12:0 a.m. | 22 views

CISA Releases Blog on Emergency Directive

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs has released a blog, titled “Why CISA Issued Our First Emergency Directive,” to explain considerations in issuing Emergency Directive 19-01 on January 22, 2019. The...

6.8 AI score
Exploits: 0 | References: 3
CISA
added 2018/12/11 12:0 a.m. | 22 views

Microsoft Releases December 2018 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and...

6.8 AI score
Exploits: 0 | References: 2
CISA
added 2018/08/21 12:0 a.m. | 22 views

Ghostscript Vulnerability

NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Vulnerability Note VU332928, apply the necessary workarounds, and refer to vendors f...

6.8 AI score
Exploits: 0 | References: 1
CISA
added 2017/07/21 12:0 a.m. | 22 views

IBM Cisco Security Update

IBM has released a security update to address some vulnerabilities in its IBM Cisco MDS Series Switches Data Center Network Manager (DCNM) software. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators t...

10 CVSS | 9.1 AI score | 0.35388 EPSS
Exploits: 0 | References: 1
CISA
added 2016/06/02 12:0 a.m. | 22 views

Lenovo Accelerator Application Vulnerability

Lenovo has issued a security advisory to address a vulnerability in the Accelerator Application software. Products affected by this vulnerability include the Lenovo notebook and desktop systems preloaded with the Windows 10 operating system. Exploitation of this vulnerability may allow a remote...

6.9 AI score
Exploits: 0 | References: 1
CISA
added 2012/01/18 12:0 a.m. | 22 views

Oracle Releases Critical Patch Update for January 2012

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server; 1 for Oracle Fusion Middleware; 3 for Oracle E-Business Suite; 1 for Oracle Supply Chain Products...

4.4 CVSS | 6.2 AI score | 0.00356 EPSS
Exploits: 4 | References: 3
CISA
added 2011/07/21 12:0 a.m. | 22 views

Foxit Releases Foxit Reader 5.0.2

The Foxit Corporation has released Foxit Reader 5.0.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for Foxit Reader 5.0.2 and apply any necessary updates...

7.7 AI score
Exploits: 0 | References: 1
CISA
added 2011/02/10 12:0 a.m. | 22 views

Google Releases Chrome 9.0.597.95

Google has released Chrome 9.0.597.95 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This update also includes a recently released version of Adobe Flash Player th...

7.9 AI score
Exploits: 0 | References: 1
CISA
added 2010/09/23 12:0 a.m. | 22 views

Cisco Releases Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the Cisco IOS Software and the Cisco Unified Communications Manager. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to...

6.8 AI score
Exploits: 0 | References: 6
CISA
added 2025/03/18 12:0 p.m. | 21 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability; CVE-2025-30066 tj-actions/changed-files GitHub Action...

8.6 CVSS | 7.6 AI score | 0.41008 EPSS
Exploits: 2 | References: 7
CISA
added 2025/01/13 12:0 p.m. | 21 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability; CVE-2023-48365 Qlik Sen...

9.9 CVSS | 7.8 AI score | 0.24676 EPSS
Exploits: 0 | References: 7
CISA
added 2024/12/03 12:0 p.m. | 21 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-45727 North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability; CVE-2024-11680 ProjectSend...

9.8 CVSS | 8.9 AI score | 0.99698 EPSS
Exploits: 22 | References: 11
CISA
added 2024/08/21 12:0 p.m. | 21 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-33044 Dahua IP Camera Authentication Bypass Vulnerability; CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability...

10 CVSS | 7.9 AI score | 0.99871 EPSS
Exploits: 27 | References: 9
CISA
added 2023/10/04 12:0 p.m. | 21 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability; CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability. Thes...

9.8 CVSS | 8.3 AI score | 0.99979 EPSS
Exploits: 22 | References: 12
CISA
added 2023/09/21 12:0 p.m. | 21 views

ISC Releases Security Advisories for BIND 9

The Internet Systems Consortium (ISC) has released security advisories to address vulnerabilities affecting ISC’s Berkeley Internet Name Domain (BIND) 9. A malicious cyber actor could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to revi...

7.5 CVSS | 8.1 AI score | 0.02626 EPSS
Exploits: 0 | References: 2
CISA
added 2023/08/24 12:0 p.m. | 21 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38831 RARLAB WinRAR Code Execution Vulnerability; CVE-2023-32315 Ignite Realtime Openfire Path Traversal Vulnerability. These types of vulnerabilities are freque...

8.6 CVSS | 7.9 AI score | 0.99999 EPSS
Exploits: 64 | References: 9
CISA
added 2022/12/16 12:0 a.m. | 21 views

FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the U.S. Department of Agriculture (USDA) have released a joint Cybersecurity Advisory (CSA) detailing recently observed incidents of criminal actors using business email compromis...

Exploits: 0 | References: 1
CISA
added 2022/10/20 12:0 a.m. | 21 views

CISA Requests for Comment on Microsoft 365 Security Configuration Baselines

CISA has issued requests for comment (RFCs) on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application (SCuBA) project to secure federal civilian executive branch agencies’ (FCEB) cloud environments. The baselines: • Build on and integrate previous security...

1.5 AI score
Exploits: 0 | References: 3
CISA
added 2022/08/29 12:0 a.m. | 21 views

CISA Releases 12 Industrial Control Systems Advisories

CISA has released 12 Industrial Control Systems (ICS) advisories on August 30, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

Exploits: 0 | References: 12
CISA
added 2022/03/24 12:0 a.m. | 21 views

State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018

CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. The CSA highlights...

1.9 AI score
Exploits: 0 | References: 3
CISA
added 2022/01/27 12:0 a.m. | 21 views

FBI Releases PIN on Iranian Cyber Group Emennet Pasargad

The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) that provides a historical overview of Iran-based cyber company Emennet Pasargad’s tactics, techniques, and procedures to enable readers to identify and defend against the group’s malicious cyber activities...

6.8 AI score
Exploits: 0 | References: 1
CISA
added 2022/01/12 12:0 a.m. | 21 views

CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater

U.S. Cyber Command’s Cyber National Mission Force (CNMF) has identified multiple open-source tools used by an Iranian advanced persistent threat (APT) group known as MuddyWater. According to CNMF, “MuddyWater has been seen using a variety of techniques to maintain access to victim networks. These...

7 AI score
Exploits: 0 | References: 2
CISA
added 2021/08/25 12:0 a.m. | 21 views

F5 Releases August 2021 Security Advisory

F5 has released a security advisory on vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ for August 2021. CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible. This product is...

7 AI score
Exploits: 0 | References: 2
CISA
added 2021/08/10 12:0 a.m. | 21 views

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 91...

7.1 AI score
Exploits: 0 | References: 3
CISA
added 2021/07/28 12:0 a.m. | 21 views

Top Routinely Exploited Vulnerabilities

CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely...

6.8 AI score
Exploits: 0 | References: 2
CISA
added 2021/06/02 12:0 a.m. | 21 views

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 89 and Firefox E...

7.2 AI score
Exploits: 0 | References: 2
CISA
added 2021/05/11 12:0 a.m. | 21 views

Microsoft Releases May 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s May 2021 Security Update Summary and Deployme...

7.2 AI score
Exploits: 0 | References: 2
CISA
added 2021/04/15 12:0 a.m. | 21 views

Google Releases Security Updates for Chrome

Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome release and apply the necessary...

7 AI score
Exploits: 0 | References: 1
CISA
added 2021/04/06 12:0 a.m. | 21 views

Malicious Cyber Activity Targeting Critical SAP Applications

SAP systems running outdated or misconfigured software are exposed to increased risks of malicious attacks. SAP applications help organizations manage critical business processes—such as enterprise resource planning, product lifecycle management, customer relationship management, and supply chain...

6.3 AI score
Exploits: 0 | References: 6
CISA
added 2021/03/23 12:0 a.m. | 21 views

Adobe Releases Security Updates for ColdFusion

Adobe has released security updates to address a vulnerability affecting ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Adobe Security Bulletin APSB21-16 and apply the necessary updates. This produ...

6.4 AI score
Exploits: 0 | References: 1
CISA
added 2021/03/18 12:0 a.m. | 21 views

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in Cisco Small Business routers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Advisory cisco-sa-rv-132w134w-overflow-Pptt4H2p and...

6.8 AI score
Exploits: 0 | References: 1
CISA
added 2021/03/06 12:0 a.m. | 21 views

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizatio...

6.8 AI score
Exploits: 0 | References: 9
CISA
added 2021/02/26 12:0 a.m. | 21 views

NSA Releases Guidance on Zero Trust Security Model

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that...

6.6 AI score
Exploits: 0 | References: 2
CISA
added 2021/01/21 12:0 a.m. | 21 views

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices....

7 AI score
Exploits: 0 | References: 2
CISA
added 2020/12/02 12:0 a.m. | 21 views

Xerox Releases Security Updates for DocuShare

Xerox has released security updates for DocuShare 6.6.1, 7.0, and 7.5 to address a vulnerability that could allow an unauthenticated attacker to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators to review Xerox Mini Bulletin XRX20W...

6.8 AI score
Exploits: 0 | References: 1
CISA
added 2020/11/24 12:0 a.m. | 21 views

Online Holiday Shopping Scams

With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from...

6.7 AI score
Exploits: 0 | References: 8
CISA
added 2020/10/28 12:0 a.m. | 21 views

Ransomware Activity Targeting the Healthcare and Public Health Sector

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS have...

6.6 AI score
Exploits: 0 | References: 3
Total number of security vulnerabilities: 4188