Image source: Shutterstock Enterprise organizations, ISPs and security services providers are not adequately prepared to protect against attacks that leverage the technique, authoring agencies say. The NSA, CISA, and international partners have…
Tag: cisa
Ivanti’s New 0-Days Now in CISA’s Exploit Catalog
Image source: Shutterstock Attacks targeting CVE-2024-9379 and CVE-2024-9380 have impacted customers running the end-of-life CSA 4.6 for which the company issued the last security fix on Sept. 10. Ivanti this week issued…
Here are 4 Vulnerabilities that CISA Added to the Known Exploited Vulnerabilities Catalog This Week.
Federal agencies need to apply vendor recommended mitigations for each flaw on or before October 25. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a total of four security vulnerabilities…
CISA Adds Critical TeamCity Flaw to Known Exploited Vulnerabilities Catalog
Image source: Shutterstock Move follows reports this week of threat actors actively exploiting the flaw in ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed authentication…
7 vulnerabilities that federal agencies MUST address by Nov 29
Four of the vulnerabilities are Windows zero-day bugs that Microsoft disclosed in its November security update; three affect Samsung mobile devices. The US Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive…
CISA will adopt TLP version 2.0 on Nov. 1
Prepare now for move to the new version of FIRST’s standard for sharing security information [300 words]. What: Beginning Nov. 1, 2022, CISA will officially adopt version 2.0 of the Forum of…
CISA Adds Patched Apple iOS/iPadOS Zero-Day to Known Exploited Vulnerabilities Catalog
CVE-2022-42827 is the eighth kernel level flaw so far this year for which Apple has released a patch only after active exploitation was underway [277 words]. What: CISA has added a newly…
Attackers actively exploiting VMware flaw that CISA deemed as posing “unacceptable risk” in May
Multiple campaigns are using CVE-2022-22954 to drop ransomware, coin miners and Mirai [299 words]. What: Multiple malicious campaigns are actively targeting a previously disclosed and now patched remote code execution vulnerability in…
Log4j vuln tops list of CVEs that the US govt says Chinese groups are actively exploiting
Key takeaway: Ensure that you have patched these vulnerabilities—or have mitigations for them especially if your organization is in the technology, telecommunications, defense industrial base and other critical infrastructure sectors. [216 words]…
CISA ups the ante on asset discovery and vulnerability detection on federal networks
Key takeaway: If you aren’t already doing continuous automated asset discovery and vulnerability enumeration on discovered assets, now is a good time to get started. [259 words] What: The US Cybersecurity and…