4188 matches found
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
A vulnerability discovered in Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names, phone numbers, and other mobile...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35081 Ivanti Endpoint Manager Mobile EPMM Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments RVAs conducted across multiple critical infrastructure sectors in fiscal year 2022 FY22. The analysis details a sample attack path including tactics and steps a cyber threat actor...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35078 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
Today, the Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigations FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS released a joint Cybersecurity Advisory CSA, Increased Truebot Activity Infects...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability CVE-2020-35730 Roundcube Webmail Cross-Site Scripting XSS Vulnerability CVE-2020-1264...
CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit
Today, CISA, the Federal Bureau of Investigation FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory CSA to help organizations understand and defend against threat...
CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
Today, CISA issued Binding Operational Directive BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch FCEB agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This...
Progress Software Releases Security Advisory for MOVEit Transfer
Progress Software has released a security advisorylink is external for a SQL injection vulnerability CVE-2023-34362link is external in MOVEit Transfer—a Managed File Transfer Softwarelink is external. A cyber threat actor could exploit this vulnerability to take over an affected system. CISA urge...
CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)
Today, CISA, the Federal Bureau of Investigation FBI, the National Security Agency NSA, and the Multi-State Information Sharing and Analysis Center MS-ISAC published an updated version of the StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initia...
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25717 Multiple Ruckus Wireless Products CSRF and RCE Vulnerability CVE-2021-3560 Red Hat Polkit Incorrect Authorization Vulnerability CVE-2014-0196 Linux...
Microsoft Releases April 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2023 Security Update Guidelink is external an...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Cis...
Microsoft Releases October 2020 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Microsoft’s...
October is National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month NCSAM, which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency CISA and its public and private partners—including the National Cyber Security Alliance—to ensure every American has the resources they need to sta...
Cisco Releases Security Updates for ASA and FTD Software
Cisco has released security updates to address a vulnerability in Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agenc...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Google Releases Security Updates for Chrome
Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to revie...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the App...
Microsoft Releases February Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for February 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain...
CISA Strengthens Commitment to SLTT Governments
The Cybersecurity and Infrastructure Security Agency CISA announced that it has transitioned to a new model to better equip state, local, tribal, and territorial SLTT governments to strengthen shared responsibility nationwide. CISA is supporting our SLTT partners with access to grant funding,...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-268-01 Dingtian DT-R002 CISA encourages users and administrators to review newly...
SonicWall Releases Advisory for Customers after Security Incident
SonicWall released a security advisory to assist their customers with protecting systems impacted by the MySonicWall cloud backup file incident. SonicWall’s investigation found that a malicious actor performed a series of brute force techniques against their MySonicWall.com web portal to gain...
CISA Releases Eleven Industrial Control Systems Advisories
CISA released eleven Industrial Control Systems ICS advisories on September 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-254-01 Siemens SIMOTION Tools ICSA-25-254-02 Siemens SIMATIC Virtualization as a...
CISA Releases Fourteen Industrial Control Systems Advisories
CISA released fourteen Industrial Control Systems ICS advisories on September 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-252-01 Rockwell Automation ThinManager ICSA-25-252-02 ABB Cylon Aspect BMS/BAS...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on September 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-247-01 Honeywell OneWireless Wireless Device Manager WDM ICSA-25-217-01 Mitsubishi...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC iQ-F Series CPU Module ICSA-25-177-01...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on August 19, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-231-01 Siemens Desigo CC Product Family and SENTRON Powermanager ICSA-25-231-02 Siemen...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on July 31, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-212-01 Güralp FMUS Series Seismic Monitoring Devices ICSA-25-212-02 Rockwell Automation...
CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure
CISA, in partnership with the U.S. Coast Guard USCG, released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility. During this...
Eviction Strategies Tool Released
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes: Cyber Eviction Strategies Playbook Next Generation Playbook-NG : A web-based application for...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on July 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-210-01 National Instruments LabVIEW ICSA-25-210-02 Samsung HVAC DMS ICSA-25-210-03 Delta...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite ICSA-25-196-02 ABB RMC-100 ICSA-25-196-03 LITEON IC48A...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...
New Guidance Released for Reducing Memory-Related Vulnerabilities
Today, CISA, in partnership with the National Security Agency NSA, released a joint guide on reducing memory-related vulnerabilities in modern software development. Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages MS...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-5419link is external Google Chromium V8 Out-of-Bounds Read and Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
New Best Practices Guide for Securing AI Data Released
Today, CISA, the National Security Agency, the Federal Bureau of Investigation, and international partners released a joint Cybersecurity Information Sheet on AI Data Security: Best Practices for Securing Data Used to Train & Operate AI Systems. This information sheet highlights the critical role...
Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware
Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators of compromise IOCs linked to threat actors deploying LummaC2...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-140-01 ABUP IoT Cloud Platform ICSA-25-140-02 National Instruments Circuit Design Sui...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-27363link is external FreeType Out-of-Bounds Write Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-112-01 Siemens TeleControl Server Basic SQL ICSA-25-112-02 Siemens TeleControl Server...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20035link is external SonicWall SMA100 Appliances OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyb...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-53197link is external Linux Kernel Out-of-Bounds Access Vulnerability CVE-2024-53150link is external Linux Kernel Out-of-Bounds Read Vulnerability These types ...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30154link is external reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-077-01 Schneider Electric EcoStruxure Power Automation System User Interface EPAS-UI...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24201link is external Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability CVE-2025-21590link is external Juniper Junos OS Improper Isolation or...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181link is external Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968link is external Advantive VeraCore Unrestricted File Upload Vulnerability...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-57727link is external SimpleHelp Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...