Apple Releases Security Updates for Multiple Products

Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: i...

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Today, the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecuritylink is external. This guidance provides critical information on how to...

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware...

CISA Releases Twenty-Five Industrial Control Systems Advisories

CISA released twenty-five Industrial Control Systems ICS advisories on September 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on August 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-221-01 Dorsett Controls InfoScan CISA encourages users and administrators to review the...

CISA and Partners Release Advisory on Black Basta Ransomware

Today, CISA, in partnership with the Federal Bureau of Investigation FBI, the Department of Health and Human Services HHS, and the Multi-State Information Sharing and Analysis Center MS-ISAC released joint Cybersecurity Advisory CSA StopRansomware: Black Basta to provide cybersecurity defenders...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on April 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-093-01 IOSIX IO-1020 Micro ELD CISA encourages users and administrators to review the newly...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-039-01 Qolsys IQ Panel 4, IQ4 HUB ICSA-23-082-06 ProPump and Controls Osprey Pump...

VMware Releases Security Advisory for Aria Operations for Networks

VMware released a security advisory to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware security advisory...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 6, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-037-01 HID Global Encoders ICSA-24-037-02 HID Global Reader Configuration Cards CISA...

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS advisories on January 30, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electr...

Mozilla Releases Security Updates for Thunderbird and Firefox

Mozilla has released security updates to address vulnerabilities in Thunderbird and Firefox. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on January 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-348-01 Cambium ePMP 5GHz Force 300-25 Radio Update A CISA encourages users and...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in Safari, iOS, iPadOS, and macOS Sonoma. A cyber threat actor could exploit one of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review Apple security releaseslink is external and...

CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Today, the Cybersecurity and Infrastructure Security Agency CISA—in coordination with the United Kingdom’s National Cyber Security Centre UK-NCSC, Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC, Canadian Centre for Cyber Security CCCS, New Zealand National Cyber...

CISA and UK NCSC Unveil Joint Guidelines for Secure AI System Development

Today, in a landmark collaboration, the U.S. Cybersecurity and Infrastructure Security Agency CISA and the UK National Cyber Security Centre NCSC are proud to announce the release of the Guidelines for Secure AI System Developmentlink is external. Co-sealed by 23 domestic and international...

Microsoft Releases November 2023 Security Updates

Microsoft has released updates addressing multiple vulnerabilities in Microsoft software. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2023 Security Update Guidelink is...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on October 24, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-297-01 Rockwell Automation Stratix 5800 and Stratix 5200 CISA encourages users and...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on October 10, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-19-029-02 Mitsubishi Electric MELSEC-Q Series PLCs CISA Update A CISA encourages users and...

Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the...

FBI and CISA Release Advisory on Snatch Ransomware

Today, the Federal Bureau of Investigation FBI and the Cybersecurity and Infrastructure Security Agency CISA released joint Cybersecurity Advisory CSA StopRansomware: Snatch Ransomware, which provides indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with the...

Mozilla Releases Security Updates for Multiple Products

Mozilla has released security updates to address vulnerabilities for Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrato...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on August 1, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-213-01 APSystems Altenergy Power Control CISA encourages users and administrators to review...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS advisories on July 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-208-01 ETIC Telecom RAS Authentication ICSA-23-208-02 PTC KEPServerEX ICSA-23-208-03...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. iOS 16.6...

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on July 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-206-01 AXIS A1001 ICSA-23-206-02 Rockwell Automation ThinManager ThinServer ICSA-23-206-...

Oracle Releases Security Updates

Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users a...

CISA Develops Factsheet for Free Tools for Cloud Environments

CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network...

Cisco Releases Security Update for SD-WAN vManage API

Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage APIlink is external. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco security release Cisco SD-WAN...

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

The Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory CSA, Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on...

Microsoft Releases July 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guidelink is external and...

Adobe Releases Security Updates for ColdFusion and InDesign

Adobe has released security updates to address vulnerabilities affecting ColdFusionlink is external and InDesignlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security...

CISA Releases Three Industrial Control Systems Advisories

CISA has released three Industrial Control Systems ICS advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...

Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR

Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and app...

DoS and DDoS Attacks against Multiple Sectors

CISA is aware of open-source reporting of targeted denial-of-service DoS and distributed denial-of-service DDoS attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are...

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments

Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors MCAs. Recognizing the variou...

CISA Releases SCuBA TRA and eVRF Guidance Documents

CISA has released several documents as part of the Secure Cloud Business Applications SCuBA project: The Technical Reference Architecture TRA document, previously released for public comment on April 19, 2022, is the final version of a security guide that agencies can use to adopt technology for...

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems ICS advisory on June 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-178-01 Hitachi EnergyFOXMAN-UN and UNEM Products CISA encourages users and administrators t...

VMware Releases Security Update for vCenter Server and Cloud Foundation

VMware has released a security update to address multiple memory corruption vulnerabilities in vCenter Server and Cloud Foundation. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. watchOS...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on June 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-171-01 Enphase Envoy ICSA-23-171-02 Enphase Installer Toolkit Android App CISA encourages...

CISA Releases Fourteen Industrial Control Systems Advisories

CISA released fourteen Industrial Control Systems ICS advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA...

Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates...

Microsoft Releases June 2023 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2023 Security Update Guidelink is external and...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on June 8, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-159-01 ​Atlas Copco Power Focus 6000 ICSA-23-159-02 ​Sensormatic Electronics Illustra Pro...

VMware Releases Security Update for Aria Operations for Networks

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks Formerly vRealize Network Insight. The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-3079 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant...

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

CISA and FBI released a joint Cybersecurity Advisory CSA CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise IOCs and tactics, techniques, and procedures TTPs...

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on June 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-157-01 Delta Electronics CNCSoft-B DOPSoft ICSA-23-157-02 Mitsubishi Electric MELSEC iQ-R...