4188 matches found
Fortinet Releases Security Update for FortiOS and FortiProxy
Fortinet has released a security update to address a critical vulnerability CVE-2023-33308 affecting FortiOS and FortiProxylink is external. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet...
CISA Adds Five Known Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass...
CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI, highlighting threats to Baseboard Management Controller BMC implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer...
VMware Releases Security Update for Aria Operations for Networks
VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks Formerly vRealize Network Insight. The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28771 Zyxel Multiple Firewalls OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...
CISA Warns of Hurricane/Typhoon-Related Scams
CISA urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures TTPs. Social engineering TTPs include phishing attacks...
CISA and Partners Release Cybersecurity Advisory Guidance detailing PRC state-sponsored actors evading detection by “Living off the Land”
Today, CISA joined the National Security Agency NSA, the Federal Bureau of Investigation FBI, and international partners in releasing a joint cybersecurity advisory highlighting recently discovered activities conducted by a People’s Republic of China PRC state-sponsored cyber threat actor. This...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32409 Apple Multiple Products WebKit Sandbox Escape Vulnerability CVE-2023-28204 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability CVE-2023-323...
Cisco Releases Security Advisory for Small Business Series Switches
Cisco released a security advisory to address multiple vulnerabilities affecting the web-based user interface of certain Cisco Small Business Series Switcheslink is external. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary code wit...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29336 Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. These types of vulnerabilities are...
Abuse of the Service Location Protocol May Lead to DoS Attacks
The Service Location Protocol SLP, RFC 2608link is external allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service DoS attack with a significant amplification factor. Researchers from Bitsigh...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-28432 MinIO Information Disclosure Vulnerability CVE-2023-27350 PaperCut MF/NG Improper Access Control Vulnerability CVE-2023-2136 Google Chrome Skia Integer...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on April 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical...
APT28 Exploits Known Vulnerability To Carry Out Reconnaissance and Deploy Malware on Cisco Routers
NCSClink is external, NSA, CISA, and FBI have released a joint advisory to provide details of tactics, techniques, and procedures TTPs associated with APT28's exploitation of Cisco routers in 2021. By exploiting the vulnerability CVE-2017-6742link is external, APT28 used infrastructure to...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
Google Releases Security Updates for Chrome
Google has released Chrome version 100.0.4896.127 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessa...
Oracle Releases July 2020 Security Bulletin
Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Google Releases Security Updates
Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Cisco Releases Security Advisories
Cisco has released advisories describing Apache Struts 2 vulnerabilities potentially affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories...
Microsoft Releases May 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's May 2017 Security Update Summary and Deployment Information...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a...
CISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and Operators
CISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology OT owners and operators across all critical infrastructure sectors create and...
Joint Advisory Issued on Protecting Against Interlock Ransomware
CISA, in partnership with the Federal Bureau of Investigation FBI, the Department of Health and Human Services, and the Multi-State Information Sharing and Analysis Center issued a joint Cybersecurity Advisory to help protect businesses and critical infrastructure organizations in North America a...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-189-01 Emerson ValveLink Products CISA encourages users and administrators to review newly...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-6554link is external Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on July 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-182-01 FESTO Didactic CP, MPS 200, and MPS 400 Firmware ICSA-25-182-02 FESTO Automation...
CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment
Today, CISA, in collaboration with the Federal Bureau of Investigation FBI, the Department of Defense Cyber Crime Center DC3, and the National Security Agency NSA, released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored ...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-162-01 Siemens Tecnomatix Plant Simulation ICSA-25-162-02 Siemens RUGGEDCOM APE1808...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on June 5, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom ICSA-25-155-02 Hitachi Energy Relion 670,...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on May 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-148-01 Siemens SiPass ICSA-25-148-02 Siemens SiPass Integrated ICSA-25-148-03 Consilium...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on May 27, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-146-01 Johnson Controls iSTAR Configuration Utility ICU Tool CISA encourages users and...
CISA Releases Twenty-Two Industrial Control Systems Advisories
CISA released twenty-two Industrial Control Systems ICS advisories on May 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-135-01 Siemens RUGGEDCOM APE1808 Devices ICSA-25-135-02 Siemens INTRALOG WMS...
Update to How CISA Shares Cyber-Related Alerts and Notifications
Update May 13 : In an effort to enhance user experience and highlight the most timely and actionable information for cyber defenders, CISA announced a shift in how we share cybersecurity alerts and advisories. We recognize this has caused some confusion in the cyber community. As such, we have...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on May 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-121-01 KUNBUS GmbH Revolution Pi ICSMA-25-121-01 MicroDicom DICOM Viewer CISA encourages...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-1976link is external Broadcom Brocade Fabric OS Code Injection Vulnerability CVE-2025-42599link is external Qualitia Active! Mail Stack-Based Buffer Overflow...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio ICSA-25-107-02 Schneider Electric...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-105-01 Siemens Mendix Runtime ICSA-25-105-02 Siemens Industrial Edge Device Kit...
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems ICS advisories on April 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-100-01 Siemens License Server ICSA-25-100-02 Siemens SIDIS Prime ICSA-25-100-03 Siemens...
NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat
Today, CISA—in partnership with the National Security Agency NSA, Federal Bureau of Investigation FBI, Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, Canadian Centre for Cyber Security CCCS, and New Zealand’s National Cyber Security Centre NCSC-NZ—released joint...
CISA Releases Five Industrial Control Systems Advisories
CISA released five Industrial Control Systems ICS advisories on April 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-093-01 Hitachi Energy RTU500 Series ICSA-25-093-02 Hitachi Energy TRMTracker...
Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)
A popular third-party GitHub Action, tj-actions/changed-files tracked as CVE-2025-30066link is external, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874link is external Sitecore CMS and Experience Platform XP Deserialization Vulnerability CVE-2019-9875link is external Sitecore CMS and Experience Platform X...
FBI Warns of Data Extortion Scam Targeting Corporate Executives
The Federal Bureau of Investigation FBI Internet Crime Complaint Center IC3 has released an alert warning of a scam involving criminal actors masquerading as the “BianLian Group.” The cyber criminals target corporate executives by sending extortion letters threatening to release victims’ sensitiv...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302link is external Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225link is external VMware ESXi Arbitrary Write Vulnerability...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755 ICSMA-25-030-01 Contec Health CMS8000 Patien...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-191-01 Delta Electronics CNCSoft-G2 Update A ICSA-25-035-02 Rockwell Automation...