4188 matches found
Google Releases Security Updates for Chrome
Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 33.0.1750.154 for Windows. Chrome 33.0.1750.152 for Mac and Linux. Chrome 33.0.1750.152 fo...
Oracle Java SE Critical Patch Update Announcement - June 2013
Oracle has released a June 2013 Critical Patch Update for Oracle Java SE. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. The update contains 40 new security vulnerability fixes, including a patch for Oracle JavaDoc frame injection...
Apple Releases iOS 6.1
Apple has released iOS 6.1 for the iPhone 3GS and later, iPod touch 4th generation and later, and iPad 2 and later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges or execute arbitrary code. US-CERT encourages users and...
Google Releases Google Chrome 23.0.1271.95
Google has released Google Chrome 23.0.1271.95 for Windows, Mac, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome...
Oracle Releases Critical Patch Update for June 2012
Oracle released its Critical Patch Update for June 2012 containing 14 security fixes for the following products: JDK and JRE 7 Updates 4 and earlier JDK and JRE 6 Update 32 and earlier JDK and JRE 5.0 Update 35 and earlier SDK and JRE 1.4.237 and earlier JavaFX 2.1 and earlier US-CERT encourages...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a Security Advisory for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems Adobe Flash Player 11.1.111.7 and earlier...
DNSChanger Malware
UPDATE: On March 5, 2012, a federal judge agreed to allow more time for organizations and individuals to clean systems of the DNSChanger malware and extended the deadline for shutting off servers that had been keeping infected computers connected to the internet. Although the new deadline is July...
Symantec pcAnywhere Hotfix
Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows: pcAnywhere 12.5 SP3 pcAnywhere Solutions 7.1 GA, SP 1, and SP 2 US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and appl...
Adobe Releases Security Bulletin for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. These vulnerabilities affect Shockwave Player 11.6.1.629 and earlier versions for the Windows and Macintosh...
Apple Releases QuickTime 7.7.1
Apple has released QuickTime 7.7.1 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5016 a...
VideoLAN Releases VLC Media Player 1.1.10
VideoLAN has released VLC Media Player 1.1.10 to address an integer overflow vulnerability in the xspf demuxer. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the release notes for VLC Media Player 1.1.10 a...
Gmail Phishing Attack
US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that...
VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1102 and apply any necessary updates or...
Google Releases Chrome 8.0.552.215
Google has released Chrome 8.0.552.215 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and administrators to revi...
Adobe Releases Guidance for Launch Functionality Mitigation in Acrobat and Reader
Adobe has released a blog entry addressing a vulnerability in Acrobat and Reader. This vulnerability exists due to the way in which Adobe Acrobat and Adobe Reader handle launch actions embedded in PDFs. When users open a PDF that contains a launch action, they are presented with a dialog box...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities. Security advisory cisco-sa-20100303-cucm, addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol SIP, Skinny Client Control Protocol SCCP, and the Computer...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-8110link is external Gogs Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significan...
PRC State-Sponsored Actors Use BRICKSTORM Malware Across Public Sector and Information Technology Systems
The Cybersecurity and Infrastructure Security Agency CISA is aware of ongoing intrusions by People’s Republic of China PRC state-sponsored cyber actors using BRICKSTORM malware for long-term persistence on victim systems. BRICKSTORM is a sophisticated backdoor for VMware vSphere1,2 and Windows...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-8069link is external Citrix Session Recording Deserialization of Untrusted Data Vulnerability CVE-2024-8068link is external Citrix Session Recording...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-8875link is external N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876link is external N-able N-central Command Injection Vulnerability...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50603link is external Aviatrix Controllers OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767link is external Adobe ColdFusion Improper Access Control Vulnerability CVE-2024-35250link is external Microsoft Windows Kernel-Mode Driver Untrusted...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50623link is external Cleo Multiple Products Unrestricted File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cybe...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-44308link is external Apple Multiple Products Code Execution Vulnerability CVE-2024-44309link is external Apple Multiple Products Cross-Site Scripting XSS...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation , as confirmed by Fortinet. CVE-2024-47575link is external Fortinet FortiManager Missing Authentication Vulnerability These types of vulnerabilities are frequent attack...
Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance
Ivanti has released a security update to address an admin bypass vulnerability CVE-2024-8963link is external affecting Ivanti Cloud Services Appliance CSA version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190link is external–detailed in a Sept. 13...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43461link is external Microsoft Windows MSHTML Platform Spoofing Vulnerability CVE-2024-6670link is external Progress WhatsUp Gold SQL Injection Vulnerability...
Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager
Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager vTM. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3506 Oracle WebLogic Server OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-5274 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-100005 D-Link DIR-600 Router Cross-Site Request Forgery CSRF Vulnerability CVE-2021-40655 D-Link DIR-605 Router Information Disclosure Vulnerability...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance EPM CSA Code Injection Vulnerabilit...
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate SQL Injection Vulnerabilities
Today, CISA and the Federal Bureau of Investigation FBI released a joint Secure by Design Alert, Eliminating SQL Injection Vulnerabilities in Software. This Alert was crafted in response to a recent, well-publicized exploitation of SQL injection SQLi defects in a managed file transfer application...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-34048 VMware vCenter Server Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-6549 Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability CVE-2023-6548 Citrix NetScaler ADC and NetScaler Gateway Code Injection...
Atlassian Releases Security Advisories for Multiple Products
Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply th...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-41265 Qlik Sense HTTP Tunneling Vulnerability CVE-2023-41266 Qlik Sense Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors...
CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion
Today, CISA released a Cybersecurity Advisory CSA, Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise IOCs and tactics, techniques, and procedures TTPs. The vulnerability in ColdFusion CVE-2023-26360 presen...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36584 Microsoft Windows Mark of the Web MOTW Security Feature Bypass Vulnerability CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-46604 Apache ActiveMQ Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
VMware Releases Security Advisory for vCenter Server
VMware released a security advisory for vulnerabilities CVE-2023-34048, CVE-2023-34056 affecting the VMware vCenter Serverlink is external. A remote cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...
CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515
Today, CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian...
Cisco Releases Security Advisory for IOS XE Software Web UI
Cisco released a security advisory to address a vulnerability CVE-2023-20198 affecting IOS XE Software Web UIlink is external. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security...
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2022-22265 Samsung Mobile Devices Use-After-Free Vulnerability CVE-2014-8361 Realtek SDK Improper Input Validation Vulnerability CVE-2017-6884 Zyxel EMG2926 Route...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-26359 Adobe ColdFusion Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three Industrial Control Systems ICS advisories on September 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
Apple Releases Security Updates for iOS 12.5.4
Apple has released security updates to address vulnerabilities in iOS 12.5.4. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security update and apply the necessary updates. This product is provid...
CISA Addresses the Rise in Ransomware Targeting Operational Technology Assets
CISA has published the Rising Ransomware Threat to OT Assets fact sheet in response to the recent increase in ransomware attacks targeting operational technology OT assets and control systems. The guidance: provides steps to prepare for, mitigate against, and respond to attacks; details how the...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the following Cisco advisory and apply the necessary updates: Lasso SAM...