4188 matches found
Oracle Releases Critical Patch Update Advisory for April 2024
Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following...
Juniper Networks Releases Security Bulletin for Multiple Juniper Products
Juniper Networks released security updates to address multiple vulnerabilities in Junos OS, Junos OS Evolved, Paragon Active Assurance and Junos OS: EX4300 Series. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service condition. Users and administrators are...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-095-01 Hitachi Energy Asset Suite 9 ICSA-24-095-02 Schweitzer Engineering Laboratories SE...
Cisco Releases Security Updates for Multiple Products
Cisco released security updates to address vulnerabilities in Cisco IOS, IOS XE, and AP software. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service. CISA encourages users and administrators to review the following advisories and apply the necessary...
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity
Today, CISA, the National Security Agency NSA, Federal Bureau of Investigation FBI, and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication includ...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-079-01 Franklin Fueling System EVO 550/5000 CISA encourages users and administrators to...
Repository for Software Attestation and Artifacts Now Live
Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA's Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of...
Cisco Releases Security Updates for IOS XR Software
Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...
Microsoft Releases Security Updates for Multiple Products
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply the necessary updates:...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-072-01 Schneider Electric EcoStruxure Power Design CISA encourages users and administrator...
CISA Publishes SCuBA Hybrid Identity Solutions Guidance
CISA has published Secure Cloud Business Applications SCuBA Hybrid Identity Solutions Guidance HISG to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflec...
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 7, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-067-01 Chirp Systems Chirp Access CISA encourages users and administrators to review the...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-060-01 Delta Electronics CNCSoft-B ICSMA-24-060-01 MicroDicom DICOM Viewer CISA...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-058-01 Mitsubishi Electric Multiple Factory Automation Products ICSMA-24-058-01...
Updated: Top Cyber Actions for Securing Water Systems
Today, CISA, the Environmental Protection Agency EPA, and the Federal Bureau of Investigation FBI updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from American Water Works Association, the WaterISAC, and MS-ISAC—to support water...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft CISA encourages users and administrators to...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on February 20, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-01 Commend WS203VICM ICSA-24-051-02 Ethercat Zeek Plugin ICSA-24-051-03...
CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization
Today, CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA, Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedure...
Priorities of the Joint Cyber Defense Collaborative for 2024
Today, CISA—on behalf of the collective group of industry and government partners that comprise the Joint Cyber Defense Collaborative JCDC—released JCDC’s 2024 Priorities. Similar to the 2023 JCDC Planning Agenda, JCDC’s 2024 Priorities will help focus the collective group on developing high-impa...
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on January 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-011-03 Rapid Software LLC Rapid SCADA ICSA-24-011-04 Horner Automation Cscape...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on January 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation ICSA-24-004-02 Mitsubishi Electric...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on December 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-355-01 FXC AE1021/AE1021PE ICSA-23-355-02 QNAP VioStor NVR CISA encourages users and...
CISA Releases Microsoft 365 Secure Configuration Baselines and SCuBAGear Tool
CISA has published the finalized Microsoft 365 Secure Configuration Baselines, designed to bolster the security and resilience of organizations’ Microsoft 365 M365 cloud services. This guidance release is accompanied by the updated SCuBAGear toollink is external that assesses organizations’ M365...
Apple Releases Security Updates for Multiple Products
Apple has released security updates for Safari, iOS and iPadOS, Sonoma, Ventura, and Monterey to address multiple vulnerabilities. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the followin...
CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment
Today, CISA released the draft Secure Cloud Business Applications SCuBA Google Workspace GWS Secure Configuration Baselines and the associated assessment tool ScubaGoggleslink is external for public comment. The draft baselines offer minimum viable security configurations for nine GWS services:...
Microsoft Releases Security Updates for Multiple Products
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December Security Update Guidelink is...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on December 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products ICSA-23-341-02 Schweitzer...
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps
Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal...
CISA Releases The Mitigation Guide: Healthcare and Public Health (HPH) Sector
Today, CISA released the Mitigation Guide: Healthcare and Public Health HPH Sector as a supplemental companion to the HPH Cyber Risk Summary, published July 19, 2023. This guide provides defensive mitigation strategy recommendations and best practices to combat pervasive cyber threats affecting...
CISA Releases Fourteen Industrial Control Systems Advisories
CISA released fourteen Industrial Control Systems ICS advisories on November 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-320-01 Red Lion Sixnet RTUs ICSA-23-320-02 Hitachi Energy MACH System Software...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on November 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-318-01 AVEVA Operations Control Logger ICSA-23-318-02 Rockwell Automation SIS...
CISA Releases Update to Royal Ransomware Advisory
Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released an update to joint Cybersecurity Advisory CSA StopRansomware: Royal Ransomware. The updated advisory provides network defenders with additional information on tactics, techniques,...
CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
Today, CISA, the National Security Agency NSA, and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework ESF, this guidance provides software developers and suppliers with industry...
Mozilla Releases Security Advisories for Multiple Products
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Mozilla advisories for more...
Oracle Releases October 2023 Critical Patch Update Advisory
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle...
FBI and CISA Release Update on AvosLocker Advisory
Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released a joint Cybersecurity Advisory CSA, StopRansomware: AvosLocker Ransomware Update to disseminate known indicators of compromise IOCs, tactics, techniques, and procedures TTPs, and...
Apple Releases Security Updates for iOS and iPadOS
Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: iOS 17.0.3 a...
NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations
Today, the National Security Agency NSA and Cybersecurity and Infrastructure Security Agency CISA released a joint cybersecurity advisory CSA, NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large...
Cisco Releases Security Advisories for Multiple Products
Cisco released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessa...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron...
CISA Releases its Open Source Software Security Roadmap
Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies, open source software OSS consumers, and the OSS community, to secure OSS...
NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats
Today, the National Security Agency NSA, the Federal Bureau of Investigation FBI, and the Cybersecurity and Infrastructure Security Agency CISA released a Cybersecurity Information Sheet CSI, Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats,...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of service condition. CISA encourages users and administrators to review the...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on September 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-250-01 Dover Fueling Solutions MAGLINK LX Console ICSA-23-250-02 Phoenix Contact TC...
VMware Releases Security Updates for Aria Operations for Networks
VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on August 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-234-01 Hitachi Energy AFF66x ICSA-23-234-02 Trane Thermostats ICSA-23-234-03 Rockwell...
CISA Releases JCDC Remote Monitoring and Management (RMM) Cyber Defense Plan
Today, CISA released the Remote Monitoring and Management RMM Cyber Defense Plan, the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative JCDC. This plan addresses systemic risks facing the exploitation of RMM software. Cyber threat...