4188 matches found

CISA, added 2021/02/09 12:0 a.m., 20 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...

AI score: 6.6 | Exploits: 0 | References: 6

CISA, added 2021/02/04 12:0 a.m., 20 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For...

AI score: 8 | Exploits: 0 | References: 10

CISA, added 2021/01/21 12:0 a.m., 20 views

Oracle Releases January 2021 Security Bulletin

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle January 2021...

AI score: 7.1 | Exploits: 0 | References: 1

CISA, added 2021/01/21 12:0 a.m., 20 views

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates. This...

AI score: 7 | Exploits: 0 | References: 1

CISA, added 2021/01/12 12:0 a.m., 20 views

NSA Cybersecurity Directorate Releases 2020 Year in Review

The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Wa...

AI score: 6.7 | Exploits: 0 | References: 2

CISA, added 2020/12/19 12:0 a.m., 20 views

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to...

AI score: 6.7 | Exploits: 0 | References: 5

CISA, added 2020/10/13 12:0 a.m., 20 views

SAP Releases October 2020 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused...

CVSS: 10 | AI score: 9.9 | EPSS: 0.06408 | Exploits: 0 | References: 1

CISA, added 2020/08/26 12:0 a.m., 20 views

North Korean Malicious Cyber Activity: FASTCash

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command have released a joint Technical Alert and three Malware Analysis Reports (MARs) on the North Korean government’s ATM cash-out scheme—referr...

AI score: 6.7 | Exploits: 0 | References: 5

CISA, added 2020/07/02 12:0 a.m., 20 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...

AI score: 6.4 | Exploits: 0 | References: 8

CISA, added 2020/05/22 12:0 a.m., 20 views

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and...

AI score: 6.8 | Exploits: 0 | References: 2

CISA, added 2020/04/02 12:0 a.m., 20 views

FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing

The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and...

AI score: 6.9 | Exploits: 0 | References: 5

CISA, added 2020/02/26 12:0 a.m., 20 views

New CWE List of Common Security Weaknesses

MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the...

AI score: 6.8 | Exploits: 0 | References: 2

CISA, added 2019/12/31 12:0 a.m., 20 views

Reminder: CISA Publishes Weekly Vulnerability Summaries

Did you know that the Cybersecurity and Infrastructure Security Agency (CISA) publishes a weekly Vulnerability Bulletin? This recurring item provides a summary of all new vulnerabilities that have been recorded by the CISA-sponsored National Institute of Standards and Technology (NIST) National...

AI score: 6.8 | Exploits: 0 | References: 2

CISA, added 2019/10/30 12:0 a.m., 20 views

MS-ISAC Releases EOS Software Report List

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and is, therefore, susceptible to exploitation from security...

AI score: 6.9 | Exploits: 0 | References: 2

CISA, added 2019/09/25 12:0 a.m., 20 views

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...

AI score: 7 | Exploits: 0 | References: 1

CISA, added 2019/09/20 12:0 a.m., 20 views

CISA Releases Four New Insights Products

The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA Insights products informed by U.S. intelligence and real-world events. Each of the following products provides a description of the threat, lessons learned, recommendations, and additional relevant resources:...

AI score: 6.8 | Exploits: 0 | References: 5

CISA, added 2019/09/04 12:0 a.m., 20 views

Supermicro Releases Security Updates

Supermicro has released security updates to address vulnerabilities affecting the Baseboard Management Controller (BMC) component of Supermicro X9, X10, and X11 platforms. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...

AI score: 7.1 | Exploits: 0 | References: 2

CISA, added 2019/08/01 12:0 a.m., 20 views

NIST Publishes Multifactor Authentication Practice Guide

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The guide provides e-commerce organizations multifactor authentication (MFA) protection methods they...

AI score: 7.1 | Exploits: 0 | References: 1

CISA, added 2018/11/06 12:0 a.m., 20 views

Self-Encrypting Solid-State Drive Vulnerabilities

NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Vulnerability Note VU 395981,...

AI score: 6.7 | Exploits: 0 | References: 3

CISA, added 2018/04/16 12:0 a.m., 20 views

Russian Malicious Cyber Activity

The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber...

AI score: 6.8 | Exploits: 0 | References: 1

CISA, added 2018/04/13 12:0 a.m., 20 views

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in vRealize Automation. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0009 and apply the necessary...

AI score: 6.7 | Exploits: 0 | References: 1

CISA, added 2018/01/26 12:0 a.m., 20 views

Data Privacy Day

January 28 is Data Privacy Day (DPD), an annual international effort to promote the importance of data privacy. DPD is sponsored in the United States by the National Cyber Security Alliance (NCSA) with the theme, Respecting Privacy, Safeguarding Data, and Enabling Trust. The NCSA Stay Safe Online...

AI score: 6.7 | Exploits: 0 | References: 7

CISA, added 2017/07/06 12:0 a.m., 20 views

IRS Launches 'Don't Take the Bait' Series

As part of its Security Summit effort, the Internal Revenue Service (IRS) will be launching a new educational series called "Don't Take the Bait" on July 11, 2017. As part of the "Protect Your Clients, Protect Yourself" campaign, this series will provide information about phishing scams targeting t...

AI score: 6.6 | Exploits: 0 | References: 3

CISA, added 2017/04/11 12:0 a.m., 20 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Campaign, Flash Player, Acrobat and Reader, Photoshop CC, and Creative Cloud. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are...

AI score: 7 | Exploits: 0 | References: 5

CISA, added 2016/11/15 12:0 a.m., 20 views

Mozilla Releases Security Updates

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Available updates include: Firefox 50 and Firefox ESR 45.5. Users and administrators are encouraged...

AI score: 7.4 | Exploits: 0 | References: 1

CISA, added 2016/04/08 12:0 a.m., 20 views

Adobe Releases Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-10 and apply t...

AI score: 7.1 | Exploits: 0 | References: 1

CISA, added 2015/12/15 12:0 a.m., 20 views

Securing Home and Small Business Routers

Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user's gateway to the Internet. Router misconfigurations (e.g., default credentials, interfaces open to the Internet) or the lack of security precautions (e.g., absence of updates) may make users...

AI score: 6.9 | Exploits: 0 | References: 2

CISA, added 2015/01/15 12:0 a.m., 20 views

Affordable Care Act Phishing Campaign

US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private...

AI score: 6.6 | Exploits: 0 | References: 2

CISA, added 2011/10/19 12:0 a.m., 20 views

Cisco Releases Two Security Advisories

Cisco has released two security advisories to address vulnerabilities affecting CiscoWorks Common Services and Cisco Show and Share. These vulnerabilities may allow an attacker to execute arbitrary code or bypass security restrictions. US-CERT encourages users and administrators to review Cisco...

AI score: 7.9 | Exploits: 0 | References: 2

CISA, added 2011/06/15 12:0 a.m., 20 views

Adobe Releases Security Bulletin for Critical Vulnerability in Flash Player

Adobe has released security bulletin APSB11-18 to alert users of a critical vulnerability in Adobe Flash Player. The following versions are affected: 10.3.181.23 and earlier for Windows, Macintosh, Linux, and Solaris; 10.3.185.23 and earlier for Android. Adobe indicates that it has received reports...

AI score: 6.8 | Exploits: 0 | References: 2

CISA, added 2010/10/06 12:0 a.m., 20 views

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows, Macintosh, and UNIX. These updates address multiple vulnerabilities including those described in Adobe security advisory APSA10-02 and Flash Player security bulletin APSB10-22. Exploitation of these vulnerabilities may allow an...

AI score: 7.8 | Exploits: 0 | References: 6

CISA, added 2010/02/10 12:0 a.m., 20 views

Cisco Releases Advisory for IronPort Encryption Appliance

Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review...

AI score: 7.9 | Exploits: 0 | References: 3

CISA, added 2010/01/12 12:0 a.m., 20 views

Microsoft Releases January Security Bulletin

Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view...

AI score: 7.3 | Exploits: 0 | References: 2

CISA, added 2025/01/22 12:0 p.m., 19 views

CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications. This advisory was crafted in response to exploitation of vulnerabilities—CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a...

CVSS: 9.4 | AI score: 8.3 | EPSS: 0.98557 | Exploits: 3 | References: 7

CISA, added 2024/12/30 12:0 p.m., 19 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3393: Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber...

CVSS: 8.7 | AI score: 7.8 | EPSS: 0.26636 | Exploits: 0 | References: 6

CISA, added 2024/11/14 12:0 p.m., 19 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9463: Palo Alto Networks Expedition OS Command Injection Vulnerability; CVE-2024-9465: Palo Alto Networks Expedition SQL Injection...

CVSS: 9.9 | AI score: 8.5 | EPSS: 0.99597 | Exploits: 3 | References: 7

CISA, added 2024/10/15 12:0 p.m., 19 views

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...

AI score: 6.9 | Exploits: 0 | References: 2

CISA, added 2024/10/09 12:0 p.m., 19 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23113: Fortinet Multiple Products Format String Vulnerability; CVE-2024-9379: Ivanti Cloud Services Appliance (CSA) SQL Injection...

CVSS: 9.8 | AI score: 10 | EPSS: 0.62988 | Exploits: 8 | References: 8

CISA, added 2024/07/09 12:0 p.m., 19 views

Citrix Releases Security Updates for Multiple Products

Citrix released security updates to address vulnerabilities in multiple Citrix products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: NetScaler...

CVSS: 9.4 | AI score: 7.3 | EPSS: 0.21331 | Exploits: 0 | References: 6

CISA, added 2024/02/15 12:0 p.m., 19 views

Updated: New Software Updates and Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways

Note: CISA will update this Alert with more information as it becomes available. Updated Feb. 15, 2024: On Feb. 14, 2024, Ivanti released new software updates for Ivanti Connect Secure and Ivanti Policy Secure. Review Ivanti's updated KB article for more information. End of Feb. 1...

CVSS: 9.1 | AI score: 10 | EPSS: 0.99999 | Exploits: 27 | References: 21

CISA, added 2024/01/18 12:0 p.m., 19 views

Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway

Citrix released security updates to address vulnerabilities CVE-2023-6548 and CVE-2023-6549 in NetScaler ADC and NetScaler Gateway. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Citrix...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.57633 | Exploits: 0 | References: 1

CISA, added 2023/11/15 12:0 p.m., 19 views

CISA, FBI, and MS-ISAC Release Advisory on Rhysida Ransomware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware...

CVSS: 10 | AI score: 7.6 | EPSS: 0.99512 | Exploits: 75 | References: 4

CISA, added 2023/11/01 12:0 p.m., 19 views

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software releas...

CVSS: 10 | AI score: 8.8 | EPSS: 0.99571 | Exploits: 27 | References: 4

CISA, added 2023/02/14 12:0 a.m., 19 views

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates...

AI score: 1.4 | Exploits: 0 | References: 9

CISA, added 2023/01/26 12:0 a.m., 19 views

JCDC Announces 2023 Planning Agenda

Today, the Joint Cyber Defense Collaborative (JCDC) announced its 2023 Planning Agenda. This release marks a major milestone in the continued evolution and maturation of the collaborative’s planning efforts. JCDC’s Planning Agenda brings together government and private sector partners to develop an...

AI score: 1.5 | Exploits: 0 | References: 4

CISA, added 2022/11/10 12:0 a.m., 19 views

CISA Releases Twenty Industrial Control Systems Advisories

CISA has released twenty (20) Industrial Control Systems (ICS) advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisorie...

AI score: 2.7 | Exploits: 0 | References: 20

CISA, added 2022/08/25 12:0 a.m., 19 views

CISA releases 1 Industrial Control Systems Advisory

CISA has released 1 Industrial Control Systems (ICS) advisory on August 25, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...

AI score: 2.8 | Exploits: 0 | References: 1

CISA, added 2022/08/10 12:0 a.m., 19 views

Palo Alto Networks Releases Security Update for PAN-OS

Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of-service. CISA encourages users and administrators to review the Palo Alto Networks Security Advisory...

AI score: 2.2 | EPSS: 0.02041 | Exploits: 0 | References: 1

CISA, added 2022/07/28 12:0 a.m., 19 views

CISA Releases Log4Shell-Related MAR

From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis...

AI score: 1.4 | Exploits: 0 | References: 5

CISA, added 2022/07/12 12:0 a.m., 19 views

Microsoft Releases July 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2022 Security Update and Deployment Informatio...

AI score: 1.7 | Exploits: 0 | References: 2

Total number of security vulnerabilities: 4188