4188 matches found
Microsoft Releases Update for EMET
US-CERT is aware of a vulnerability in Microsoft Enhanced Mitigation Experience Toolkit EMET versions prior to 5.5. Exploitation of this vulnerability may allow a remote attacker to bypass or disable EMET to take control of an affected system. US-CERT recommends users and administrators visit the...
Apple Releases Multiple Security Updates
Apple has released security updates for iOS, tvOS, OS X, watchOS, Safari, and Xcode to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: iOS 9.2 for iPhone 4s and later, iPod touch 5th generation and late...
Mozilla Releases Security Updates for Firefox
The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 41 Firefox ESR 38.3 US-CERT...
Google Releases Security Update for Chrome
Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page...
Guidance for Defending Against Destructive Malware
The Information Assurance Directorate of the National Security Agency NSA has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain, and minimize destructive malware infections. US-CERT encourages use...
Certain TLS Implementations Vulnerable to POODLE Attacks
A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and administrators to review TA14-290A for...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.125 for Windows,...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, execute arbitrary code, or operate wit...
Google Releases Google Chrome 31.0.1650.57
Google has released Google Chrome 31.0.1650.57 for Windows, Mac, Linux and Chrome Frame to address a vulnerability. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google...
Microsoft Addresses New Watering Hole Attack in the November, 2013 Security Bulletin Release
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer and Office as part of the Microsoft Security Bulletin Summary for November, 2013. These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of...
Apple Releases OS X Mavericks v10.9
Apple has released OS X Mavericks v10.9 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass security restrictions, cause a denial-of-service condition, or execute arbitrary code. US-CERT encourages users and administrators to review Apple Support...
CERT Releases UPnP Security Advisory
Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU922681. US-CERT recommends that affected UPnP device vendors and...
Google Releases Google Chrome 19.0.1084.52
Google has released Google Chrome 19.0.1084.52 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Apple Releases Multiple Security Updates
Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products: Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later OS X Lion v10.7.4 and Security...
Cisco Releases Multiple Security Advisories
Cisco has released nine security advisories to address multiple vulnerabilities affecting Cisco IOS software. These vulnerabilities may allow an attacker to execute arbitrary code, operate at elevated privileges, or cause a denial-of-service condition. US-CERT encourages users and administrators ...
Google Releases Chrome 17.0.963.65
Google has released Chrome 17.0.963.65 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security advisory to alert users of vulnerabilities affecting the following software: Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x Adobe Fla...
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks
US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server. The vulnerability may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause ...
Cisco Releases Security Advisory for Cisco Unified Communications Manager
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition. US-CERT encourages users a...
Firefox 3.5 and 3.6 Vulnerability
Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected. Update: T...
Mozilla Releases Firefox 3.6.4
The Mozilla Foundation has released Firefox 3.6.4 and Firefox 3.5.10 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. Some of thes...
RealNetworks, Inc. Releases Updates to Address Vulnerabilities
RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-0492link is external Linux Kernel Improper Authentication Vulnerability CVE-2025-48595link is external Android Framework Integer Overflow Vulnerability The...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-68613link is external n8n Improper Control of Dynamically-Managed Code Resources Vulnerability This type of vulnerability is a frequent attack vector for...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-21510link is external Microsoft Windows Shell Protection Mechanism Failure Vulnerability CVE-2026-21513link is external Microsoft MSHTML Framework Security...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80 and FX90...
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Updated April 8, 2025 CISA updated these mitigations based on identification of a new malware variant called RESURGE that could undermine the effectiveness of the mitigations previously provided. For more information on RESURGE, see MAR-25993211.R1.V1.CLEAR and CISA Releases Malware Analysis Repo...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation , as confirmed by Fortinet. CVE-2025-24085link is external Apple Multiple Products Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212link is external Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012link is external Palo Alto Networks PAN-OS Management Interface...
Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability CVE-2024-47575 to include additional workarounds and indicators of compromise IOCs. A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711link is external Veeam Backup and Replication Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519link is external Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8190link is external Ivanti Cloud Services Appliance OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36401 OSGeo GeoServer GeoTools Eval Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability These types of vulnerabilities are freque...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30051 Microsoft DWM Core Library Privilege Escalation Vulnerability CVE-2024-30040 Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Thes...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4671 Google Chromium in Visuals Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbo...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23225 Apple iOS and iPadOS Memory Corruption Vulnerability CVE-2024-23296 Apple iOS and iPadOS Memory Corruption Vulnerability These types of vulnerabilities a...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21762 Fortinet FortiOS Out-of-Bound Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significan...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38203 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability CVE-2023-29300 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability...
CISA, FBI, MS-ISAC, and ASD’s ACSC Release Advisory on LockBit Affiliates Exploiting Citrix Bleed
Today, the Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigation FBI, Multi-State Information Sharing & Analysis Center MS-ISAC, and Australian Signals Directorate’s Australian Cyber Security Center ASD’s ACSC released a joint Cybersecurity Advisory CSA,...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22518 Atlassian Confluence Data Center and Server Improper Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
Citrix Releases Security Updates for Multiple Products
Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on May 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-129-02 Hitachi Energy MSM ICSA-21-334-02 Mitsubishi MELSEC and MELIPC Series Update F CISA...
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
Today, CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follow...