Lucene search
+L
CisaMost viewed

4188 matches found

CISA
CISA
added 2022/09/15 12:0 a.m.11 views

CISA and NSA Publish Open Radio Access Network Security Considerations

CISA and the National Security Agency NSA have published Open Radio Access Network Security Considerations. This product—generated by the Enduring Security Framework ESF Open Radio Access Network RAN Working Panel, a subgroup within the cross-sector working group—assessed the benefits and securit...

1.3AI score
Exploits0References4
CISA
CISA
added 2022/09/14 12:0 a.m.11 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...

1.6AI score
Exploits0References5
CISA
CISA
added 2022/09/02 12:0 a.m.11 views

Mozilla Releases Security Update for Thunderbird

Mozilla has released security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.2.1 and apply the necessary...

3.3AI score
Exploits0References1
CISA
CISA
added 2022/06/28 12:0 a.m.11 views

CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

CISA has released guidance on switching from Basic Authentication “Basic Auth” in Microsoft Exchange Online to Modern Authentication "Modern Auth" before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support...

2AI score
Exploits0References5
CISA
CISA
added 2022/06/08 12:0 a.m.11 views

CISA Adds 36 Known Exploited Vulnerabilities to Catalog 

CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...

1.7AI score
Exploits0References5
CISA
CISA
added 2022/05/19 12:0 a.m.11 views

CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments RVAs conducted across multiple sectors in Fiscal Year 2021 FY21. The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could ta...

0.2AI score
Exploits0References1
CISA
CISA
added 2022/05/11 12:0 a.m.11 views

CISA Joins Partners to Release Advisory on Protecting MSPs and their Customers

The cybersecurity authorities of the United Kingdom, Australia, Canada, New Zealand, and the United States have released joint Cybersecurity Advisory CSA, Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyb...

1.4AI score
Exploits0References2
CISA
CISA
added 2022/05/11 12:0 a.m.11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...

1.6AI score
Exploits0References5
CISA
CISA
added 2022/05/04 12:0 a.m.11 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly add...

1.7AI score
Exploits0References5
CISA
CISA
added 2022/05/04 12:0 a.m.11 views

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 10...

2.7AI score
Exploits0References3
CISA
CISA
added 2022/04/19 12:0 a.m.11 views

Oracle Releases April 2022 Critical Patch Update

Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle April 2022...

2.5AI score
Exploits0References1
CISA
CISA
added 2022/04/15 12:0 a.m.11 views

VMware Releases Security Updates for Cloud Director

VMware has released security updates to address a remote code execution vulnerability in Cloud Director. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0013 and apply the...

3.1AI score
Exploits0References1
CISA
CISA
added 2022/04/15 12:0 a.m.11 views

CISA Adds Nine Known Exploited Vulnerabilities to Catalog

CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly add...

1.7AI score
Exploits0References5
CISA
CISA
added 2022/04/12 12:0 a.m.11 views

Microsoft Releases April 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2022 Security Update Summary and Deployment...

2AI score
Exploits0References2
CISA
CISA
added 2022/04/04 12:0 a.m.11 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly add...

1.6AI score
Exploits0References5
CISA
CISA
added 2022/03/29 12:0 a.m.11 views

Mitigating Attacks Against Uninterruptable Power Supply Devices

CISA and the Department of Energy DOE are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply UPS devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergen...

2.2AI score
Exploits0References1
CISA
CISA
added 2022/03/08 12:0 a.m.11 views

Microsoft Releases March 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and...

7.1AI score
Exploits0References2
CISA
CISA
added 2022/03/07 12:0 a.m.11 views

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates...

7.1AI score
Exploits0References1
CISA
CISA
added 2022/02/09 12:0 a.m.11 views

2021 Trends Show Increased Globalized Threat of Ransomware

CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, the Australian Cyber Security Centre ACSC, and the United Kingdom’s National Cyber Security Centre NCSC-UK have released a joint Cybersecurity Advisory CSA highlighting a global increase in sophisticated, high-impact...

6.7AI score
Exploits0References3
CISA
CISA
added 2021/12/15 12:0 a.m.11 views

Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks

In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and Mitigating Potential Cyber Threats to...

6.9AI score
Exploits0References2
CISA
CISA
added 2021/11/18 12:0 a.m.11 views

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities that could affect versions 8.9, 9.1, and 9.2. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-2021-011 and app...

7AI score
Exploits0References1
CISA
CISA
added 2021/10/19 12:0 a.m.11 views

Oracle Releases October 2021 Critical Patch Update

Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle October 2021...

7.1AI score
Exploits0References1
CISA
CISA
added 2021/09/23 12:0 a.m.11 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary...

7.1AI score
Exploits0References1
CISA
CISA
added 2021/09/14 12:0 a.m.11 views

Citrix Releases Security Update for ShareFile Storage Zones Controller

Citrix has released a security update to address a vulnerability affecting Citrix ShareFile storage zones controller. A remote attacker can exploit this vulnerability to take control of an affected system. CISA recommends users and administrators review Citrix Security Bulletin CTX328123 and appl...

6.9AI score
Exploits0References1
CISA
CISA
added 2021/08/27 12:0 a.m.11 views

Microsoft Azure Cosmos DB Guidance

CISA is aware of a misconfiguration vulnerability in Microsoft’s Azure Cosmos DB that may have exposed customer data. The misconfiguration has been fixed within the Azure cloud, and Microsoft has notified the customers who potentially would have been impacted. CISA strongly encourages those Azure...

6.6AI score
Exploits0References2
CISA
CISA
added 2021/08/18 12:0 a.m.11 views

Google Releases Security Updates for Chrome

Google has released Chrome version 92.0.4515.159 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

6.9AI score
Exploits0References1
CISA
CISA
added 2021/08/18 12:0 a.m.11 views

Mozilla Releases Security Updates

Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 91.0.1 and...

7.2AI score
Exploits0References1
CISA
CISA
added 2021/07/21 12:0 a.m.11 views

2021 CWE Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability...

7AI score
Exploits0References1
CISA
CISA
added 2021/05/27 12:0 a.m.11 views

Microsoft Announces New Campaign from NOBELIUM

The Microsoft Threat Intelligence Center MSTIC has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major cybersecurity...

6.7AI score
Exploits0References3
CISA
CISA
added 2021/05/13 12:0 a.m.11 views

WordPress Releases Security Update

WordPress versions between 3.7 and 5.7.1 are affected by a security vulnerability. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.7.2. This product is...

6.8AI score
Exploits0References1
CISA
CISA
added 2021/05/11 12:0 a.m.11 views

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper's 2021-05 Out-of-Cycle Security...

7.1AI score
Exploits0References1
CISA
CISA
added 2021/04/14 12:0 a.m.11 views

Threat Actors Targeting Cybersecurity Researchers

Google and Microsoft recently published reports on advanced persistent threat APT actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information,...

7AI score
Exploits0References6
CISA
CISA
added 2021/04/13 12:0 a.m.11 views

Apply Microsoft April 2021 Security Update to Mitigate Newly Disclosed Microsoft Exchange Vulnerabilities

Microsoft's April 2021 Security Update mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019. An attacker could exploit these vulnerabilities to gain access and maintain persistence on the target host. CISA strongly urges organizations to apply Microsoft...

7.1AI score
Exploits0References7
CISA
CISA
added 2021/03/10 12:0 a.m.11 views

FBI-CISA Joint Advisory on Compromise of Microsoft Exchange Server

CISA and the Federal Bureau of Investigation FBI have released a Joint Cybersecurity Advisory CSA to address recently disclosed vulnerabilities in Microsoft Exchange Server. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt...

7.1AI score
Exploits0References4
CISA
CISA
added 2021/03/04 12:0 a.m.11 views

Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities

CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange server vulnerabilities with additional...

6.8AI score
Exploits0References3
CISA
CISA
added 2021/02/03 12:0 a.m.11 views

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.146 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary...

7.1AI score
Exploits0References1
CISA
CISA
added 2021/01/28 12:0 a.m.11 views

Data Privacy Day

January 28 is Data Privacy Day DPD, an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance NCSA, focus on how to Own Your Privacy. The NCSA teaches users how to protect valuable data online, while encouraging...

6.6AI score
Exploits0References3
CISA
CISA
added 2021/01/12 12:0 a.m.11 views

Microsoft Releases January 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2021 Security Update Summary and...

7.2AI score
Exploits0References2
CISA
CISA
added 2020/12/08 12:0 a.m.11 views

CERT/CC Releases Information on Vulnerabilities Affecting Open-Source TCP/IP Stacks

The CERT Coordination Center CERT/CC has released information on 33 vulnerabilities, known as AMNESIA:33, affecting multiple embedded open-source Transmission Control Protocol/Internet Protocol TCP/IP stacks. A remote attacker could exploit some of these vulnerabilities to take control of an...

7AI score
Exploits0References2
CISA
CISA
added 2020/12/08 12:0 a.m.11 views

OpenSSL Releases Security Update

OpenSSL has released a security update to address a vulnerability affecting all versions of 1.0.2 and 1.1.1 released before version 1.1.1i. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages use...

6.6AI score
Exploits0References1
CISA
CISA
added 2020/11/10 12:0 a.m.11 views

Microsoft Releases November 2020 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Microsoft’s...

7AI score
Exploits0References2
CISA
CISA
added 2020/11/05 12:0 a.m.11 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Cis...

7.1AI score
Exploits0References1
CISA
CISA
added 2020/10/02 12:0 a.m.11 views

Department of Treasury Releases Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

The U.S. Department of the Treasury’s Office of Foreign Assets Control OFAC has released an Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments. Financial institutions, cyber insurance firms, and companies that facilitate payments on behalf of victims may be violating OFAC...

6.9AI score
Exploits0References2
CISA
CISA
added 2020/09/16 12:0 a.m.11 views

Adobe Releases Security Update for Media Encoder

Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Adobe Security Bulletin an...

6.7AI score
Exploits0References1
CISA
CISA
added 2020/09/14 12:0 a.m.11 views

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

The Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have issued an advisory about Chinese Ministry of State Security MSS-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has...

6.7AI score
Exploits0References2
CISA
CISA
added 2020/09/08 12:0 a.m.11 views

Microsoft Releases September 2020 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Microsoft’s...

7AI score
Exploits0References2
CISA
CISA
added 2020/09/04 12:0 a.m.11 views

DoS and DDoS Attacks against Multiple Sectors

The Cybersecurity and Infrastructure Security Agency CISA is aware of open-source reporting of targeted denial-of-service DoS and distributed denial-of-service DDoS attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network...

6.8AI score
Exploits0References2
CISA
CISA
added 2020/08/31 12:0 a.m.11 views

National Insider Threat Awareness Month

September is National Insider Threat Awareness Month NIATM, which is a collaborative effort between the National Counterintelligence and Security Center NCSC, National Insider Threat Task Force NITTF, Office of the Under Secretary of Defense Intelligence and Security USDI&S, Department of Homelan...

6.7AI score
Exploits0References5
CISA
CISA
added 2020/08/19 12:0 a.m.11 views

Google Releases Security Updates for Chrome

Google has released Chrome version 84.0.4147.135 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

6.7AI score
Exploits0References1
CISA
CISA
added 2020/07/30 12:0 a.m.11 views

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

7.6AI score
Exploits0References8
Total number of security vulnerabilities4188