Author: DEFENDEDGE
-
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases
Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco… Read more
-
CISA Announces Launch of Logging Made Easy
Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience. Log management makes systems more secure.… Read more
-
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit… Read more
-
Vulnerability Summary for the Week of October 16, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix… Read more
-
Vulnerability Summary for the Week of October 9, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 3ds — teamwork_cloud_no_magic_release A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. 2023-10-09… Read more
-
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors… Read more
-
#StopRansomware: AvosLocker Ransomware (Update)
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov… Read more
-
Vulnerability Summary for the Week of October 2, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — agent Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. 2023-10-04 7.8 CVE-2023-44209MISC acronis — cyber_protect_home_office Sensitive information disclosure and manipulation due to missing authorization.… Read more
-
Vulnerability Summary for the Week of September 25, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accusoft — imagegear An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-32284MISC accusoft… Read more
-
Vulnerability Summary for the Week of September 18, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. 2023-09-20 7.5 CVE-2023-5042MISC apple — multiple_products The issue was addressed with improved checks. This issue… Read more