4188 matches found
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on March 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-065-01 Nice Linear eMerge E3-Series ICSMA-24-065-01 Santesoft Sante FFT Imaging...
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware
Today, CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC released a joint Cybersecurity Advisory CSA, StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures TTPs and indicators of compromise IOCs...
CISA Releases Resource Guide for University Cybersecurity Clinics
Today, CISA released a Resource Guide for Cybersecurity Clinics to outline ways CISA can partner with and support cybersecurity clinics and their clients. University cybersecurity clinics train students from diverse backgrounds and academic expertise to strengthen the digital defenses of...
Updated: Top Cyber Actions for Securing Water Systems
Today, CISA, the Environmental Protection Agency EPA, and the Federal Bureau of Investigation FBI updated the joint fact sheet Top Cyber Actions for Securing Water Systems. This update includes additional resources—from American Water Works Association, the WaterISAC, and MS-ISAC—to support water...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on February 22, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft CISA encourages users and administrators to...
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Mozilla Security Advisorie...
CISA Releases Seventeen Industrial Control Systems Advisories
CISA released seventeen Industrial Control Systems ICS advisories on February 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-046-01 Siemens SCALANCE W1750D ICSA-24-046-02 Siemens SIDIS Prime ICSA-24-046-0...
CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security
Today, CISA partnered with the Open Source Security Foundation OpenSSF Securing Software Repositories Working Group to publish the Principles for Package Repository Securitylink is external framework. Recognizing the critical role package repositories play in securing open source software...
CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
Today, CISA, the National Security Agency NSA, and the Federal Bureau of Investigation FBI released a joint Cybersecurity Advisory CSA, PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure alongside supplemental Joint Guidance: Identifying and...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-032-01 Gessler GmbH WEB-MASTER ICSA-24-032-03 AVEVA Edge products formerly known as...
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
Today, CISA and the Federal Bureau of Investigation FBI published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design SbD Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating...
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Juniper Networks released a security bulletin to address multiple vulnerabilities for J-Web in Junos OS SRX Series and EX Series. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on January 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-025-01 MachineSense FeverWarn ICSA-24-025-02 SystemK NVR 504/508/516 CISA encourages...
Incident Response Guide for the WWS Sector
Today, CISA, the Federal Bureau of Investigation FBI, and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems WWS Sector. The guide includes contributions from over 25 WWS Sector organizations spanning private industry, nonprofit, and...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on January 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-018-01 AVEVA PI Server CISA encourages users and administrators to review the newly...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on January 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-348-01 Cambium ePMP 5GHz Force 300-25 Radio Update A CISA encourages users and...
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems ICS advisories on January 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation ICSA-24-004-02 Mitsubishi Electric...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review Apple security releaseslink is external and...
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware
Today, the Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre ASD's ACSC released a joint Cybersecurity Advisory CSA, StopRansomware: Play Ransomware, to disseminate Play ransomware...
CISA Releases Advisory on Cyber Resilience for the HPH Sector
Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and Public Health HPH Sector organization. CISA...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on December 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-346-01 Schneider Electric Easy UPS Online Monitoring Software ICSA-22-356-03 Mitsubis...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply...
CISA, FBI, NSA, and Treasury Release Guidance on OSS in OT/ICS Environments
Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software OSS in operational technology OT and industrial control systems ICS. In alignment with CISA’s recently releas...
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox and Thunderbird. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...
Juniper Releases Security Advisory for Juniper Secure Analytics
Juniper released a security advisory to address multiple vulnerabilities affecting Juniper Secure Analytics. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper advisory JSA74298link ...
CISA Releases Roadmap for Artificial Intelligence Adoption
Today, CISA released its Roadmap for Artificial Intelligence—in alignment with White House Executive Order 14110: Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence—to outline a comprehensive set of actions CISA will take along five lines of effort: 1. Responsibly use AI...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on November 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-313-01 Johnson Controls Quantum HD Unity ICSA-23-313-02 Hitachi Energy eSOMS...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on November 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-311-01 GE MiCOM S1 Agile CISA encourages users and administrators to review the newly...
CISA Published When to Issue VEX Information
Today, CISA published When to Issue Vulnerability Exploitability eXchange VEX Information, developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global SBOM community. This...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on October 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-299-01 Dingtian DT-R002 ICSA-23-299-02 Centralite Pearl Thermostat ICSA-23-299-03...
Apple Releases Security Advisories for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates:...
CISA Releases Nineteen Industrial Control Systems Advisories
CISA released nineteen Industrial Control Systems ICS advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP products ICSA-23-285-02 Siemens SCALANCE W1750D...
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security advisories addressing vulnerabilities in multiple products. These vulnerabilities may allow cyber threat actors to take control of the affected systems. CISA encourages users and administrators to review the following Fortinet security advisories and apply the...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on September 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-264-01 Real Time Automation 460 Series ICSA-23-264-02 Siemens Spectrum Power 7...
Microsoft Releases September 2023 Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2023 Security Update Guidelink i...
Apple Releases Security Updates for iOS and macOS
Apple has released security updates to address a vulnerability in multiple products. A cyber threat actor could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 15.7.9...
CISA Releases Malware Analysis Reports on Barracuda Backdoors
Updated September 7, 2023 CISA has published an additional malware analysis report associated with malicious Barracuda activity. The report provides analysis on the following malware samples: SUBMARINE – SUBMARINE is a backdoor that exploits a vulnerability on the target environment where the...
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack
CISA has released actionable guidance for Federal Civilian Executive Branch FCEB agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service DDoS attacks against their websites and related web services. The Capacity Enhancement Guide: Volumetric DDoS Against W...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR 115.2, Firefox ESR 102.15, Thunderbird 115.2, and Thunderbird 102.15. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...
Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS
Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper’s Support Portal link is...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on August 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-227-01 Schneider Electric EcoStruxure Control Expert, Process Expert, Modicon...
CISA Releases its Cybersecurity Strategic Plan
Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability: 1. Increase...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrato...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35081 Ivanti Endpoint Manager Mobile EPMM Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
The Australian Signals Directorate’s Australian Cyber Security Centre ACSC, the Cybersecurity and Infrastructure Security Agency CISA, and the National Security Agency NSA are releasing a joint Cybersecurity Advisory CSA, Preventing Web Application Access Control Abuse, to warn vendors, designers...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-37580 Zimbra Collaboration ZCS Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and...
CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments RVAs conducted across multiple critical infrastructure sectors in fiscal year 2022 FY22. The analysis details a sample attack path including tactics and steps a cyber threat actor...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors...
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
Today, the National Security Agency NSA and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework ESF, a public-private cross-sector working group led by the NSA and CISA—presents recommendation...