4188 matches found
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on July 20, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-201-01 Schneider Electric EcoStruxure Products, Modicon PLCs, and Programmable Automation...
CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519
The Cybersecurity and Infrastructure Security Agency CISA released a Cybersecurity Advisory CSA, Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells, to warn organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution RCE vulnerability...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29298 Adobe ColdFusion Improper Access Control Vulnerability CVE-2023-38205 Adobe ColdFusion Improper Access Control Vulnerability These types of vulnerabiliti...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-3519 Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actor...
Citrix Releases Security Updates for NetScaler ADC and Gateway
Citrix has released security updates to address vulnerabilities CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467 affecting NetScaler ADC and NetScaler Gatewaylink is external. An attacker can exploit one of these vulnerabilities to take control of an affected system. According to Citrix,...
Oracle Releases Security Updates
Oracle has released its Critical Patch Update Advisory, Solaris Third Party Bulletin, and Linux Bulletin for July 2023 to address vulnerabilities affecting multiple products. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users a...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a critical vulnerability CVE-2023-38203 affecting ColdFusionlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security release...
CISA Develops Factsheet for Free Tools for Cloud Environments
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors...
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
Today, the National Security Agency NSA and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework ESF, a public-private cross-sector working group led by the NSA and CISA—presents recommendation...
Cisco Releases Security Update for SD-WAN vManage API
Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage APIlink is external. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco security release Cisco SD-WAN...
Juniper Releases Multiple Security Updates for Juno OS
Juniper has released updates to address multiple vulnerabilities in Juno OSlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper’s Support Portallink is external and apply the...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03...
CISA Adds Two Known Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-37450 Apple Multiple Products WebKit Code Execution Vulnerability CVE-2022-29303 SolarView Compact Command Injection Vulnerability These types of vulnerabiliti...
CISA Releases One Industrial Control Systems Advisory
CISA released one Critical Industrial Control Systems ICS advisory on July 12, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-193-01 Rockwell Automation Select Communication Modules CISA encourages users and...
CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
The Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have released a joint Cybersecurity Advisory CSA, Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on...
Fortinet Releases Security Update for FortiOS and FortiProxy
Fortinet has released a security update to address a critical vulnerability CVE-2023-33308 affecting FortiOS and FortiProxylink is external. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Fortinet...
Microsoft Releases July 2023 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s July 2023 Security Update Guidelink is external and...
Adobe Releases Security Updates for ColdFusion and InDesign
Adobe has released security updates to address vulnerabilities affecting ColdFusionlink is external and InDesignlink is external. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Adobe security...
Mozilla Releases Security Update for Firefox and Firefox ESR
Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26link is external and apply the...
CISA Adds Five Known Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32046 Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability CVE-2023-32049 Microsoft Windows Defender SmartScreen Security Feature Bypass...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-192-01 Rockwell Automation Enhanced HIM ICSA-23-192-02 Sensormatic Electronics iSTAR...
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities
Progress Software has released a Service Pack to address three newly disclosed vulnerabilities CVE-2023-36934, CVE-2023-36932, CVE-2023-36933 in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review...
CISA Adds One Known Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-29256 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three Industrial Control Systems ICS advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
Today, the Cybersecurity and Infrastructure Security Agency CISA, Federal Bureau of Investigations FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and the Canadian Centre for Cyber Security CCCS released a joint Cybersecurity Advisory CSA, Increased Truebot Activity Infects...
Mozilla Releases Security Advisories for Thunderbird, Firefox, and Firefox ESR
Mozilla has released security advisories to address vulnerabilities in Thunderbird, Firefox, and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and app...
DoS and DDoS Attacks against Multiple Sectors
CISA is aware of open-source reporting of targeted denial-of-service DoS and distributed denial-of-service DDoS attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are...
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems ICS advisories on June 29, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-180-01 Delta Electronics InfraSuite Device Master ICSA-23-180-02 Schneider Electric...
2023 CWE Top 25 Most Dangerous Software Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesseslink is external. The CWE Top 25 is calculated by analyzing...
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-17621 D-Link DIR-859 Router Command Execution Vulnerability CVE-2019-20500 D-Link DWL-2600AP Access Point Command Injection Vulnerability CVE-2021-25487...
CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors MCAs. Recognizing the variou...
CISA Releases SCuBA TRA and eVRF Guidance Documents
CISA has released several documents as part of the Secure Cloud Business Applications SCuBA project: The Technical Reference Architecture TRA document, previously released for public comment on April 19, 2022, is the final version of a security guide that agencies can use to adopt technology for...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on June 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-178-01 Hitachi EnergyFOXMAN-UN and UNEM Products CISA encourages users and administrators t...
VMware Releases Security Update for vCenter Server and Cloud Foundation
VMware has released a security update to address multiple memory corruption vulnerabilities in vCenter Server and Cloud Foundation. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability CVE-2023-32439 Apple...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability CVE-2020-35730 Roundcube Webmail Cross-Site Scripting XSS Vulnerability CVE-2020-1264...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. watchOS...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on June 22, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-173-02 Advantech R-SeeNet ICSA-23-173-03 SpiderControl SCADAWebServer ICSA-23-026-02...
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Juniper Networks has released a security advisory that addresses a vulnerability in Junos OS and Junos OS Evolved. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Security Advisory for...
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain BIND 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. CISA encourages...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on June 20, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-171-01 Enphase Envoy ICSA-23-171-02 Enphase Installer Toolkit Android App CISA encourages...
Progress Software Releases Security Advisory for MOVEit Transfer Vulnerability
Progress Software has released a security advisorylink is external for a privilege escalation vulnerability CVE-2023-35708 in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA urges users and...
CISA Releases Fourteen Industrial Control Systems Advisories
CISA released fourteen Industrial Control Systems ICS advisories on June 15, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-166-01 SUBNET PowerSYSTEM Center ICSA-23-166-02 Advantech WebAccessSCADA...
CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities
Today, CISA, the Federal Bureau of Investigation FBI, and Multi-State Information Sharing and Analysis Center MS-ISAC released an update for joint Cybersecurity Advisory CSA Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server. This iteration of the CSA—now renamed...
Barracuda Networks Releases Update to Address ESG Vulnerability
Barracuda Networks has released an update to their advisorylink is external addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance ESG. According to Barracuda, customers should replace impacted appliances immediately. CISA urges organizations to review the Barracuda...
CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI, highlighting threats to Baseboard Management Controller BMC implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer...
CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit
Today, CISA, the Federal Bureau of Investigation FBI, the Multi-State Information Sharing and Analysis Center MS-ISAC, and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory CSA to help organizations understand and defend against threat...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary...