
4188 matches found

CISA
added 2020/06/19 12:0 a.m., 21 views

Microsoft Releases Security Updates for Windows

Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

8.3 AI score
Exploits 0, References 1
CISA
added 2020/05/21 12:0 a.m., 21 views

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

The Cybersecurity and Infrastructure Security Agency CISA, U.S. Department of the Treasury, Internal Revenue Service IRS, and United States Secret Service USSS have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly...

6.9 AI score
Exploits 0, References 2
CISA
added 2019/07/30 12:0 a.m., 21 views

Steps to Safeguard Against Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency CISA, Multi-State Information Sharing & Analysis Center MS-ISAC, National Governors Association NGA, and the National Association of State Chief Information Officers NASCIO have released a Joint Ransomware Statement with recommendations for sta...

6.5 AI score
Exploits 0, References 7
CISA
added 2019/07/29 12:0 a.m., 21 views

Save the Date: 2019 CISA Cybersecurity Summit

The Cybersecurity and Infrastructure Security Agency CISA will be hosting the 2019 CISA Cybersecurity Summit from September 18-20, 2019, at National Harbor, MD. This summit will provide a forum for critical infrastructure stakeholders to discuss current cybersecurity topics, including emerging...

6.9 AI score
Exploits 0, References 1
CISA
added 2018/08/02 12:0 a.m., 21 views

FBI Releases Article on Securing the Internet of Things

The Federal Bureau of Investigation FBI has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things IoT. FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities...

6.7 AI score
Exploits 0, References 2
CISA
added 2018/07/23 12:0 a.m., 21 views

Bluetooth Vulnerability

NCCIC is aware of a vulnerability affecting Bluetooth firmware and operating system software drivers. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review Vulnerability Note VU 304725 for more information and refer...

6.4 AI score
Exploits 0, References 1
CISA
added 2018/06/21 12:0 a.m., 21 views

Global Threats to Information Systems

The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is...

6.7 AI score
Exploits 0, References 3
CISA
added 2018/03/29 12:0 a.m., 21 views

IC3 Issues Alert on Tech Support Fraud

The Internet Crime Complaint Center IC3 has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending...

6.9 AI score
Exploits 0, References 3
CISA
added 2018/02/01 12:0 a.m., 21 views

IC3 Warns of Impersonation Scams

The Internet Crime Complaint Center IC3 has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited...

6.8 AI score
Exploits 0, References 2
CISA
added 2017/08/28 12:0 a.m., 21 views

Potential Hurricane Harvey Phishing Scams

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a...

6.7 AI score
Exploits 0, References 4
CISA
added 2016/12/14 12:0 a.m., 21 views

Joomla! Releases Security Update for CMS

Joomla! has released version 3.6.5 of its Content Management System CMS software to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website. US-CERT encourages users and administrators to review the Joomla!...

7.1 AI score
Exploits 0, References 2
CISA
added 2016/11/10 12:0 a.m., 21 views

Google Releases Security Updates for Chrome

Google has released Chrome version 54.0.2840.99 for Windows and version 54.0.2840.98 for Linux. These new versions address multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome...

7.1 AI score
Exploits 0, References 1
CISA
added 2016/06/14 12:0 a.m., 21 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in DNG Software Development Kit SDK, Brackets, Creative Cloud Desktop Application, and Cold Fusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and...

7 AI score
Exploits 0, References 4
CISA
added 2016/02/24 12:0 a.m., 21 views

Drupal Releases Security Updates

Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. Available updates include: Drupal core 6.38 for 6.x users Drupal core 7.43 for 7.x users Drupal core 8.0.4 for 8.0.x...

7.2 AI score
Exploits 0, References 1
CISA
added 2014/02/26 12:0 a.m., 21 views

US Tax Season Phishing Scams and Malware Campaigns

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing...

6.6 AI score
Exploits 0, References 4
CISA
added 2013/04/17 12:0 a.m., 21 views

Scams Exploiting Boston Marathon Explosion

Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the...

6.9 AI score
Exploits 0
CISA
added 2012/01/18 12:0 a.m., 21 views

Oracle Releases Critical Patch Update for January 2012

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 1 for Oracle Fusion Middleware 3 for Oracle E-Business Suite 1 for Oracle Supply Chain Products...

4.4 CVSS, 6.2 AI score, 0.00356 EPSS
Exploits 4, References 3
CISA
added 2011/02/23 12:0 a.m., 21 views

Internet System Consortium Releases BIND Advisory

The Internet System Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...

7.1 CVSS, 2.1 AI score, 0.13598 EPSS
Exploits 1, References 2
CISA
added 2010/09/16 12:0 a.m., 21 views

Apple Releases QuickTime 7.6.8

Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows. The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code...

7.3 AI score
Exploits 0, References 3
CISA
added 2010/08/19 12:0 a.m., 21 views

Adobe Releases Security Update for Adobe Reader and Acrobat

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh Exploitation of...

7.7 AI score
Exploits 0, References 2
CISA
added 2010/03/30 12:0 a.m., 21 views

Microsoft Releases Out-of-Band Security Bulletin Update

Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these...

7.7 AI score
Exploits 0, References 4
CISA
added 2010/01/26 12:0 a.m., 21 views

Google Releases Chrome 4.0.249.78

Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition. US-CERT encourages users and...

7.7 AI score
Exploits 0, References 1
CISA
added 2026/01/28 12:0 p.m., 20 views

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

Newly disclosed vulnerability Common Vulnerabilities and Exposures CVE-2026-24858, Common Weakness Enumeration CWE-288: Authentication Bypass Using an Alternate Path or Channel, allows malicious actors with a FortiCloud account and a registered device to log in to...

9.8 CVSS, 5.8 AI score, 0.85844 EPSS
Exploits 1, References 23
CISA
added 2025/09/29 12:0 p.m., 20 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-21311 Adminer Server-Side Request Forgery Vulnerability; CVE-2025-20352 Cisco IOS and IOS XE Software SNMP Denial of Servic...

10 CVSS, 8.1 AI score, 0.99614 EPSS
Exploits 76, References 10
CISA
added 2024/07/10 12:0 p.m., 20 views

CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities

Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices CVE-2024-20399,...

10 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits 62, References 6
CISA
added 2024/04/12 12:0 p.m., 20 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

10 CVSS, 9.1 AI score, 0.99999 EPSS
Exploits 50, References 6
CISA
added 2023/11/02 12:0 p.m., 20 views

Atlassian Releases Security Advisory for Confluence Data Center and Server

Atlassian released a security advisory to address a vulnerability CVE-2023-22518 affecting Confluence Data Center and Server. A cyber actor could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review CVE-2023-22518 - Improper Authorization...

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits 14, References 1
CISA
added 2023/10/20 12:0 p.m., 20 views

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System IOS XE Software Web User Interface UI. An unauthenticated remote actor could exploit these...

10 CVSS, 9 AI score, 0.99571 EPSS
Exploits 27, References 3
CISA
added 2023/10/05 12:0 p.m., 20 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-40044 Progress WSFTP Server Deserialization of Untrusted Data Vulnerability CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability...

10 CVSS, 9.1 AI score, 0.99156 EPSS
Exploits 44, References 8
CISA
added 2023/01/26 12:0 a.m., 20 views

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on January 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

1.8 AI score
Exploits 0, References 8
CISA
added 2023/01/17 12:0 a.m., 20 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

1.4 AI score
Exploits 0, References 4
CISA
added 2023/01/12 12:0 a.m., 20 views

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and...

1.8 AI score
Exploits 0, References 1
CISA
added 2022/12/20 12:0 a.m., 20 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

2.6 AI score
Exploits 0, References 6
CISA
added 2022/08/02 12:0 a.m., 20 views

CISA and ACSC Release Top 2021 Malware Strains

CISA and the Australian Cyber Security Centre ACSC have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been...

1 AI score
Exploits 0, References 5
CISA
added 2022/07/18 12:0 a.m., 20 views

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

CISA has updated the joint CISA-United States Coast Guard Cyber Command CGCYBER Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report...

1.2 AI score
Exploits 0, References 2
CISA
added 2022/03/22 12:0 a.m., 20 views

FBI and FinCEN Release Advisory on AvosLocker Ransomware

The Federal Bureau of Investigation FBI and the Department of the Treasury’s Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based...

2.5 AI score
Exploits 0, References 2
CISA
added 2022/01/13 12:0 a.m., 20 views

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...

7.1 AI score
Exploits 0, References 1
CISA
added 2021/11/18 12:0 a.m., 20 views

NCSC Releases 2021 Annual Review

The United Kingdom UK National Cyber Security Centre NCSC has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats. The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA. Examples include...

6.8 AI score
Exploits 0, References 6
CISA
added 2021/11/09 12:0 a.m., 20 views

Citrix Releases Security Updates

Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller ADC, Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to...

6.9 AI score
Exploits 0, References 1
CISA
added 2021/11/04 12:0 a.m., 20 views

BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities

On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept PoC tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercia...

7.4 AI score
Exploits 0, References 2
CISA
added 2021/10/18 12:0 a.m., 20 views

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released joint Cybersecurity Advisory CSA: BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including ...

6.8 AI score
Exploits 0, References 3
CISA
added 2021/10/08 12:0 a.m., 20 views

NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques

The National Security Agency NSA has released a Cybersecurity Information CSI sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security TLS certificates and the...

6.7 AI score
Exploits 0, References 1
CISA
added 2021/07/22 12:0 a.m., 20 views

Drupal Releases Security Updates

Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Drupal security...

6.8 AI score
Exploits 0, References 1
CISA
added 2021/07/13 12:0 a.m., 20 views

Apache Releases Security Advisory for Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache’s security advisory and apply the...

6.5 AI score
Exploits 0, References 2
CISA
added 2021/06/03 12:0 a.m., 20 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...

7 AI score
Exploits 0, References 6
CISA
added 2021/05/27 12:0 a.m., 20 views

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-003 and apply the necessary updat...

6.8 AI score
Exploits 0, References 1
CISA
added 2021/05/20 12:0 a.m., 20 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...

7.5 AI score
Exploits 0, References 3
CISA
added 2021/05/19 12:0 a.m., 20 views

Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware

CISA and the Federal Bureau of Investigation FBI have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise...

6.9 AI score
Exploits 0, References 2
CISA
added 2021/05/07 12:0 a.m., 20 views

Exim Releases Security Update

Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Exim 4.94.2 update page and apply t...

7.1 AI score
Exploits 0, References 2
CISA
added 2021/04/27 12:0 a.m., 20 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...

6.9 AI score
Exploits 0, References 9

Total number of security vulnerabilities: 4188