Author: DEFENDEDGE

Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal Bureau of Investigation Australian Signals Directorate’s Australian Cyber Security Centre… Read more

Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution.… Read more

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5… Read more

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such as database credentials. Users who can’t upgrade to the fixed version can also set environment… Read more

Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors, including U.S. Water and… Read more

Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors in response to the active exploitation of Unitronics programmable logic controllers (PLCs) in multiple sectors, including U.S. Water and… Read more

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as “the authoring agencies”—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary… Read more

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited… Read more

CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker… Read more

Today, CISA published guidance on How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity as a part of a new Secure by Design (SbD) Alert series.    This SbD Alert urges software manufacturers to proactively prevent the exploitation of vulnerabilities in web management interfaces by designing and developing their products using SbD… Read more