4188 matches found
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-058-01 Schneider Electric Communication Modules for Modicon M580 and Quantum...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patien...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989link is external Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-191-01 Delta Electronics CNCSoft-G2 Update A ICSA-25-035-02 Rockwell Automation...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-57727link is external SimpleHelp Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24200link is external Apple iOS and iPadOS Incorrect Authorization Vulnerability CVE-2024-41710link is external Mitel SIP Phones Argument Injection Vulnerabili...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994link is external Trimble Cityworks Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert PME ICSA-25-037-02...
CISA and FBI Release Updated Guidance on Product Security Bad Practices
In partnership with the Federal Bureau of Investigation FBI, CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information,...
CISA and Partners Release Call to Action to Close the National Software Understanding Gap
Today, CISA—in partnership with the Defense Advanced Research Projects Agency DARPA, the Office of the Under Secretary of Defense for Research and Engineering OUSD R&E, and the National Security Agency NSA—published Closing the Software Understanding Gap. This report urgently implores the U.S...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600...
CISA Issues BOD 25-01, Implementing Secure Practices for Cloud Services
Today, CISA issued Binding Operational Directive BOD 25-01, Implementing Secure Practices for Cloud Services to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud...
CISA and ONCD Release Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure
Today, CISA and the Office of the National Cyber Director ONCD published Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure to assist grant-making agencies to incorporate cybersecurity into their grant programs and assist grant-recipients to build cyber...
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates:...
Ivanti Releases Security Updates for Multiple Products
Ivanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management DSM, Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK. CISA encourages users and administrators to review the following Ivanti security...
CISA Releases New Public Version of CDM Data Model Document
Today, the Cybersecurity and Infrastructure Security Agency CISA released an updated public version of the Continuous Diagnostics and Mitigation CDM Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act FISMA metrics. The CDM Data Model...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on November 21, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-326-01 Automated Logic WebCTRL Premium Server ICSA-24-326-02 OSCAT Basic Library...
USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication
Today, the Cybersecurity and Infrastructure Security Agency CISA and the U.S. Department of Agriculture USDA released Phishing-Resistant Multi-Factor Authentication MFA Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authenticati...
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on November 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-317-01 Subnet Solutions PowerSYSTEM Center ICSA-24-317-02 Hitachi Energy TRO600...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on November 7, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager ICSA-24-312-02 Delta Electronics...
JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage
CISA, through the Joint Cyber Defense Collaborative JCDC, enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led...
Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software
Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users an...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on October 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-296-01 ICONICS and Mitsubishi Electric Products CISA encourages users and administrators...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on October 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-291-01 Elvaco M-Bus Metering Gateway CMe3100 ICSA-24-291-02 LCDS LAquis SCADA...
CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
Today, CISA—with the Federal Bureau of Investigation FBI, the National Security Agency NSA, and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on October 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-289-01 Siemens Siveillance Video Camera ICSA-24-289-02 Schneider Electric Data Center...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-277-01 TEM Opera Plus FM Family Transmitter ICSA-24-277-02 Subnet Solutions Inc...
CISA Warns of Hurricane-Related Scams
As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with...
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means
CISA continues to respond to active exploitation of internet-accessible operational technology OT and industrial control systems ICS devices, including those in the Water and Wastewater Systems WWS Sector. Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8963link is external Ivanti Cloud Services Appliance CSA Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting XSS continue to appear in software, enabling threat actors...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-249-01 Hughes Network Systems WL3000 Fusion Software ICSMA-24-249-01 Baxter Connex...
CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
Today, CISA—in partnership with the Federal Bureau of Investigation FBI and the Department of Defense Cyber Crime Center DC3—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint advisory warns of cyber actors, known in the private sector as Pioneer Kitten...
CISA Releases Secure by Demand Guidance
Today, CISA and the Federal Bureau of Investigation FBI have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on August 6, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-219-01 Delta Electronics DIAScreen CISA encourages users and administrators to review the...
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisorie...
Ivanti Releases Security Updates for Endpoint Manager
Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager EPM and Ivanti Endpoint Manager for Mobile EPMM. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...
Cisco Releases Security Updates for Multiple Products
Cisco released security updates to address vulnerabilities in Cisco software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: Cisco Secu...
AT&T Discloses Breach of Customer Data
On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers. CISA encourages customers to review the following AT&T article for additional information and follow...
CISA Releases Advisory Detailing Red Team Activity During Assessment of US FCEB Organization, Highlighting Necessity of Defense-in-Depth
Today, CISA released CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth in coordination with the assessed organization. This Cybersecurity Advisory CSA details key findings and lessons learned from a 2023 assessment,...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on June 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-177-01 ABB Ability System 800xA ICSA-24-177-02 PTC Creo Elements/Direct License Server CI...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on June 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-170-01 RAD Data Communications SecFlow-2 CISA encourages users and administrators to review...
CISA and Partners Release Guidance for Modern Approaches to Network Access Security
Today, CISA, in partnership with the Federal Bureau of Investigation FBI, released guidance, Modern Approaches to Network Access Security, along with the following organizations: New Zealand’s Government Communications Security Bureau GCSB; New Zealand’s Computer Emergency Response Team CERT-NZ;...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on June 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-163-01 Rockwell Automation ControlLogix, GuardLogix, and CompactLogix ICSA-24-163-02 AVEV...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on June 6, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-158-01 Emerson PACSystem and Fanuc ICSA-24-158-02 Emerson Ovation ICSA-24-158-03 Mitsubis...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on May 28, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-149-01 Campbell Scientific CSI Web Server CISA encourages users and administrators to review...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on May 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-144-01 AutomationDirect Productivity PLCs CISA encourages users and administrators to review...