4188 matches found
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-107-01 Measuresoft ScadaPro ICSA-24-107-02 Electrolink FM/DAB/TV Transmitter...
Compromise of Sisense Customer Data
CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used ...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on March 26, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 52...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on March 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-081-01 Advantech WebAccess/SCADA CISA encourages users and administrators to review the...
CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity
Today, CISA, the National Security Agency NSA, Federal Bureau of Investigation FBI, and other U.S. and international partners are issuing a joint fact sheet, People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders. Partners of this publication includ...
Fortinet Releases Security Updates for Multiple Products
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary...
CISA Publishes SCuBA Hybrid Identity Solutions Guidance
CISA has published Secure Cloud Business Applications SCuBA Hybrid Identity Solutions Guidance HISG to help users better understand identity management capabilities and securely integrate their traditional on-premises enterprise networks with cloud-based solutions. This initial publication reflec...
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...
Cisco Releases Security Updates for Secure Client
Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following security releases...
Apple Releases Security Updates for iOS and iPadOS
Apple released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the following security releases and apply the necessary updates: iOS 17...
VMware Releases Security Advisory for Multiple Products
VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMwar...
Cisco Releases Security Advisories for Cisco NX-OS Software
Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-060-01 Delta Electronics CNCSoft-B ICSMA-24-060-01 MicroDicom DICOM Viewer CISA...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-058-01 Mitsubishi Electric Multiple Factory Automation Products ICSMA-24-058-01...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on February 20, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-01 Commend WS203VICM ICSA-24-051-02 Ethercat Zeek Plugin ICSA-24-051-03...
CISA and MS-ISAC Release Advisory on Compromised Account Used to Access State Government Organization
Today, CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA, Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization to provide network defenders with the tactics, techniques, and procedure...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-044-01 Mitsubishi Electric MELSEC iQ-R Series Safety CPU and SIL2 Process CPU CISA...
Microsoft Releases Security Updates for Multiple Products
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February Security Update Guidelink is...
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on January 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-023-01 APsystems Energy Communication Unit ECU-C Power Control Software ICSA-24-023-02...
Apple Releases Security Updates for Multiple Products
Apple has released security updates for iOS and iPadOS, macOS, Safari, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security releaselink is external and apply...
Drupal Releases Security Advisory for Drupal Core
Drupal released a security advisory to address a vulnerability affecting multiple Drupal core versions. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2024-001link is...
Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released its Critical Patch Update Advisory for January 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s January 2024...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on January 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-016-01 SEW-EURODRIVE MOVITOOLS MotionStudio ICSA-24-016-02 Integration Objects OPC UA...
Microsoft Releases Security Updates for Multiple Products
Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January Security Update Guidelink is...
Fortinet Releases Security Updates for FortiOS and FortiProxy
Fortinet has released a security update to address a vulnerability in FortiOS and FortiProxy software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the FG-IR-23-315 FortiOS & FortiProxy - Improper...
Juniper Releases Security Advisory for Juniper Secure Analytics
Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advisory JSA75636link ...
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on December 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-353-01 Subnet Solutions Inc. PowerSYSTEM Center ICSA-23-353-02 EFACEC BCU 500...
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply th...
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps
Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on December 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-339-01 Zebra ZTC Industrial ZT400 and Desktop GK420d ICSA-23-208-03 Mitsubishi Electri...
CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs
Today, CISA, the Federal Bureau of Investigation FBI, National Security Agency NSA, Environmental Protection Agency EPA, and the Israel National Cyber Directorate INCD released a joint Cybersecurity Advisory CSA IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the acti...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft ICSA-23-334-02 Yokogawa STARDOM ICSA-23-334-03 PTC...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on November 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-331-01 Delta Electronics InfraSuite Device Master ICSA-23-331-02 Franklin Electric...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on November 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-325-01 WAGO PFC200 Series ICSA-23-325-02 Fuji Electric Tellus Lite V-Simulator...
CISA Releases Fourteen Industrial Control Systems Advisories
CISA released fourteen Industrial Control Systems ICS advisories on November 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-320-01 Red Lion Sixnet RTUs ICSA-23-320-02 Hitachi Energy MACH System Software...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities affecting multiple Adobe products. A cyber threat actor could exploit some of these vulnerabilities to take control of affected system. CISA encourages users and administrators to review the following advisories and apply the necessar...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on November 14, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-318-01 AVEVA Operations Control Logger ICSA-23-318-02 Rockwell Automation SIS...
ASD's ACSC and CISA Release Business Continuity in a Box
Today, the Australian Signals Directorate’s Australian Cyber Security Centre ASD's ACSC and CISA released Business Continuity in a Box. Business Continuity in a Box, developed by ACSC with contributions from CISA, assists organizations with swiftly and securely standing up critical business...
CISA, NSA, and Partners Release New Guidance on Securing the Software Supply Chain
Today, CISA, the National Security Agency NSA, and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework ESF, this guidance provides software developers and suppliers with industry...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on November 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-306-01 Red Lion Crimson ICSA-23-306-02 Mitsubishi Electric MELSEC iQ-F Series CPU Modu...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on October 31, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-304-02 INEA ME RTU ICSA-23-304-03 Zavio IP Camera ICSA-23-208-03 Mitsubishi Electric...
CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide
Today, the Cybersecurity and Infrastructure Security Agency CISA, the National Security Agency NSA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released an updated version of the joint StopRansomware Guide. The update includes new...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on October 19, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-02 Hitachi Energy’s RTU500 Series Product UPDATE B CISA encourages users and...
Oracle Releases October 2023 Critical Patch Update Advisory
Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on October 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-290-01 Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation...
CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance
Today, the U.S. Cybersecurity and Infrastructure Security Agency CISA, National Security Agency NSA, and Federal Bureau of Investigation FBI released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by- Design and -Default with the following...
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
Today, as part of the Ransomware Vulnerability Warning Pilot RVWP, CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns. A “Misconfigurations and...