4188 matches found
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
CISA and the Federal Bureau of Investigation FBI have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
CISA Releases Security Advisories for Rockwell Automation Products
CISA has released two Industrial Controls Systems Advisories ICSAs detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system. CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation...
Google Releases Security Updates for Chrome
Google has released Chrome version 98.0.4758.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities has been detected in exploits in the wild. CISA encourages users and administrato...
Adobe Releases Security Updates for Commerce and Magento Open Source
Adobe has released security updates to address a vulnerability affecting Adobe Commerce and Magento Open Source. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrato...
CISA Releases Final Version of Guidance: IPv6 Considerations for TIC 3.0
CISA has released the final version of Internet Protocol version 6 IPv6 Considerations for Trusted Internet Connections TIC 3.0. This guidance supports the federal government-wide deployment and use of the modernized network protocol. The final version includes feedback provided during the public...
F5 Releases January 2022 Quarterly Security Notification
F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system...
CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats
In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats...
Apple Releases Security Updates for iOS and iPadOS
Apple has released security updates to address a vulnerability affecting iOS 15.2.1 and iPadOS 15.2.1. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Apple security page for iOS 15.2.1 and iPadOS 15.2.1 a...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations
CISA has released an Industrial Control Systems Advisory ICSA related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group OMG Data-Distribution Service DDS implementations. Successful exploitation of these vulnerabilities could result...
VMware Releases Security Update for Tanzu Application Service for VMs
VMware has released a security update to address a vulnerability in Tanzu Application Service for VMs. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0026 and apply th...
Apple Releases Security Update for iCloud for Windows 13
Apple has released a security update to address multiple vulnerabilities in iCloud for Windows 13. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security page and apply the necessary update. This...
SAP Releases November 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for November 2021 and apply the...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
Google Releases Security Updates for Chrome
Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild. CISA encourages users and...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
GPS Daemon (GPSD) Rollover Bug
Critical Infrastructure CI owners and operators, and other users who obtain Coordinated Universal Time UTC from Global Positioning System GPS devices, should be aware of a GPS Daemon GPSD bug in GPSD versions 3.20 released December 31, 2019 through 3.22 released January 8, 2021. On October 24,...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
SAP Releases September 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for September 2021 and apply the...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0018 and apply the necessary...
Hurricane-Related Scams
CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-005 and app...
CISA Releases Security Advisory for InterNiche Products
CISA has released an Industrial Control Systems ICS advisory detailing multiple vulnerabilities in InterNiche products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS Advisory ICSA-21-217-01...
Apple Releases Security Updates
Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the security update page for the following products and apply the necessary...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...
Kaseya Ransomware Attack: Guidance and Resources
CISA has created a webpage to provide information and guidance for the recent ransomware attack against Kaseya customers that include managed service providers MSPs and customers of those MSPs. CISA encourages affected organizations to review Kaseya Ransomware Attack: Guidance for Affected MSPs a...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 90 and Firefox E...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates. This product ...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
SAP Releases June 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for June 2021 and apply the necessary...
Joint CISA-FBI Cybersecurity Advisory on Sophisticated Spearphishing Campaign
CISA and the Federal Bureau of Investigation FBI are responding to an ongoing spearphishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant...
Citrix Releases Security Updates for Workspace App for Windows
Citrix has released security updates to address a vulnerability in Citrix Workspace App for Windows. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX307794 and apply the necessary...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in VMware vRealize Business for Cloud. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0007 and apply th...
Codecov Releases New Detections for Supply Chain Compromise
CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability affecting Drupal 7, 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-002 and apply the necessary...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added two new Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update. This...
CISA Releases Free Detection Tool for Azure/M365 Environment
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and...
NCSC Releases 2020 Annual Review
The United Kingdom UK National Cyber Security Centre NCSC has released its Annual Review 2020, which focuses on its response to evolving and challenging cyber threats. Recognizing cybersecurity as a “team sport,” the publication includes highlights of NCSC’s collaboration with many partners,...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Mozilla Security Adviso...
CISA and FBI Release Joint Advisories Regarding Russian and Iranian APT Actors
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have released two joint cybersecurity advisories on widespread advanced persistent threat APT activity. Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...