Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication
Cisco released a bundled publication for security advisories that address vulnerabilities in Cisco Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) software. A cyber threat actor could exploit one of these vulnerabilities to take control of an...
CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources
CISA, in partnership with the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI) and international partners, released Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society. The joint guidance provides civil society organizations and individuals with...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on May 09, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-130-01 Rockwell Automation FactoryTalk Historian SE ICSA-24-130-02 alpitronic Hypercharge...
CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
Today, CISA, in collaboration with U.S. and international partners, published a joint fact sheet, Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity. This fact sheet provides information and mitigations associated with cyber operations conducted by pro-Russia hacktivists who...
Cisco Releases Security Advisories for Cisco Integrated Management Controller
Cisco has released security advisories for vulnerabilities in the Cisco integrated management controller. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisories and...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on April 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-109-01 Unitronics Vision Series PLCs ICSA-21-287-03 Mitsubishi Electric MELSEC iQ-R...
CISA Publishes New Webpage Dedicated to Providing Resources for High-Risk Communities
Today, CISA published a new dedicated High-Risk Communities webpage comprised of cybersecurity resources to support civil society communities at heightened risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tool...
CISA Adds One Known Exploited JetBrains Vulnerability, CVE-2024-27198, to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27198 JetBrains TeamCity Authentication Bypass Vulnerability CISA urges organizations to review the following JetBrains blog post and apply the necessary updates...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-4762 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...
CISA Issues Emergency Directive on Ivanti Vulnerabilities
CISA has issued Emergency Directive (ED) 24-01 Mitigate Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities in response to active vulnerabilities in the following Ivanti products: Ivanti Connect Secure and Ivanti Policy Secure. ED 24-01 directs all Federal Civilian Executive Branch (FCEB)...
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords
Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing...
CISA Releases First Secure by Design Alert
Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series. This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web...
Adobe Releases Security Updates for ColdFusion
On Nov. 14, 2023, Adobe released security updates addressing vulnerabilities affecting unpatched ColdFusion software. Exploitation of some of these vulnerabilities may allow a malicious cyber actor to take control of an affected system. CISA urges organizations to review Adobe ColdFusion security...
Cisco Releases Security Advisories for Multiple Products
Cisco released security advisories for vulnerabilities affecting multiple Cisco products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...
CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in poli...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates...
Mozilla Releases Security Advisories for Thunderbird and Firefox
Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisorie...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address a vulnerability affecting Firefox, Firefox ESR, and Thunderbird. A cyber threat actor can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla’s advisory MFSA 2023-40...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities affecting Adobe software. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...
CISA, NSA, and NIST Publish Factsheet on Quantum Readiness
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support...
CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners are releasing a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities. This advisory provides details on the top...
Ivanti Releases Security Updates for EPMM to address CVE-2023-35081
Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an authenticated attacker to write arbitrary files with the operating system privileges of th...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38606 Apple Multiple Products Kernel Unspecified Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
Citrix Releases Security Updates for NetScaler ADC and Gateway
Citrix has released security updates to address vulnerabilities CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 affecting NetScaler ADC and NetScaler Gateway. An attacker can exploit one of these vulnerabilities to take control of an affected system. According to Citrix,...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-192-01 Rockwell Automation Enhanced HIM ICSA-23-192-02 Sensormatic Electronics iSTAR...
CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI) to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors (MCAs). Recognizing the variou...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-27997 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
Fortinet Releases Security Updates for FortiOS and FortiProxy
Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Fortinet security advisory...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address vulnerabilities affecting Junos OS, Paragon Active Assurance (PAA), and Juniper Secure Analytics (JSA) Series. An attacker could exploit some of these vulnerabilities to take control of an affect...
Cisco Releases Security Advisories for Multiple Products
Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on January 31, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0028 a...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 10...
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a...
CISA Releases Two Industrial Control Systems Advisories
CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks to improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executiv...
#StopRansomware: Vice Society
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA), StopRansomware: Vice Society, to disseminate tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated...
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include additional detection...
CISA releases 7 Industrial Control Systems Advisories
CISA has released 7 Industrial Control Systems (ICS) advisories on August 23, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Adds One Known Exploited Vulnerabilities to Catalog
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in macOS Monterey, iOS and iPadOS, and Safari. An attacker could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the...
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly adde...
Drupal Releases Security Update
Drupal has released security updates to address vulnerabilities affecting Drupal 9.3 and 9.4. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2022-015 and apply the...
OpenSSL Releases Security Update
OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version. This produ...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary...