4188 matches found
CISA Releases Three Industrial Control Systems Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on December 1, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
#StopRansomware: Cuba Ransomware
Today, the Federal Bureau of Investigation FBI and CISA released a joint Cybersecurity Advisory CSA StopRansomware: Cuba Ransomware to provide network defenders tactics, techniques, and procedures TTPs and indicators of compromise IOCs associated with Cuba ransomware. FBI investigations identifie...
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven 7 Industrial Control Systems ICS advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view the newly adde...
CISA Releases Eight Industrial Control Systems Advisories
CISA has released eight 8 Industrial Control Systems ICS advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain
Today, CISA, the National Security Agency NSA, and the Office of the Director of National Intelligence ODNI, published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series - Recommended Practices Guide for Customers. This publication follow...
#StopRansomware: Hive
Today, CISA, the Federal Bureau of Investigation FBI, and the Department of Health and Human Services HHS released joint Cybersecurity Advisory CSA StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures TTPs and indicators of compromise IOCs associated wi...
CISA Releases Two Industrial Control Systems Advisories
CISA has released two 2 Industrial Control Systems ICS advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network
Today, CISA and the Federal Bureau of Investigation FBI published a joint Cybersecurity Advisory CSA, Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...
Cisco Releases Security Updates for Identity Services Engine
Cisco has released security updates for vulnerabilities affecting Cisco Identity Services Engine ISE. A remote attacker could exploit some of these vulnerabilities to bypass authorization and access system files. For updates addressing vulnerabilities, see the Cisco Security Advisories page. CISA...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to cause user confusion or conduct spoofing attacks. CISA encourages users and administrators to review Mozilla’s security advisories for...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on November 15, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added...
CISA Releases Twenty Industrial Control Systems Advisories
CISA has released twenty 20 Industrial Control Systems ICS advisories on November 10, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisorie...
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to include an additional Malwar...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
CISA Releases SSVC Methodology to Prioritize Vulnerabilities
Today CISA published its guide on Stakeholder-Specific Vulnerability Categorization SSVC, a vulnerability management methodology that assesses vulnerabilities and prioritizes remediation efforts based on exploitation status, impacts to safety, and prevalence of the affected product in a singular...
Microsoft Releases November 2022 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0028 a...
Citrix Releases Security Updates for ADC and Gateway
Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the...
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
Apple Releases Security Update for Xcode
Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security...
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems ICS advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical...
CISA Upgrades to TLP 2.0
Today, CISA officially upgraded to Traffic Light Protocol TLP 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2....
OpenSSL Releases Security Update
OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can...
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication MFA. CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using...
Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
CISA, the Federal Bureau of Investigation FBI, and the Multi-State Information Sharing and Analysis Center MS-ISAC have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed...
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and...
CISA Releases Four Industrial Control Systems Advisories
CISA has released four 4 Industrial Control Systems ICS advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the Apple security updates page for the following products and app...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements...
CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!
On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol TLP 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams FIRST that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR replaces...
CISA Releases Eight Industrial Control Systems Advisories
CISA has released eight 8 Industrial Control Systems ICS advisories on October 25, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for...
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added...
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
#StopRansomware: Daixin Team
CISA, the Federal Bureau of Investigation FBI, and the Department of Health and Human Services HHS have released a joint Cybersecurity Advisory CSA, StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the...
Cisco Releases Security Update for Cisco Identity Services Engine
Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine ISE. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security...
CISA Releases Three Industrial Control Systems Advisories
CISA has released three 3 Industrial Control Systems ICS advisories on October 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...
CISA Requests for Comment on Microsoft 365 Security Configuration Baselines
CISA has issued requests for comment RFCs on eight Microsoft 365 security configuration baselines as part of the Secure Cloud Business Application SCuBA project to secure federal civilian executive branch agencies’ FCEB cloud environments. The baselines: • Build on and integrate previous security...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit these vulnerabilities to cause denial-of-service conditions. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox ESR 102.4 and Firefox 10...
CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have updated joint Cybersecurity Advisory AA22-228A: Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, originally released August 16, 2022. The advisory has been updated to reference the addition of a...
Oracle Releases October 2022 Critical Patch Update
Oracle has released its Critical Patch Update for October 2022. This update addresses 366 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Oracle’s...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool
CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages...
CISA Releases Twenty-Five Industrial Control Systems Advisories
CISA has released twenty-five 25 Industrial Control Systems ICS advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...