Author: DEFENDEDGE

Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26 and apply the necessary update. Read more

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info sem-cms — semcms File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. 2023-06-30 9.8 CVE-2020-18432MISCMISC flatnest_project — flatnest All versions of the package flatnest are vulnerable to Prototype Pollution via the… Read more

Progress Software has released a Service Pack to address three newly disclosed vulnerabilities (CVE-2023-36934, CVE-2023-36932, CVE-2023-36933) in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information.  CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements. Read more

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States… Read more

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apple — mac_os_x A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or… Read more

CISA is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against multiple organizations in multiple sectors. These attacks can cost an organization time and money and may impose reputational costs while resources and services are inaccessible. If you think you or your business is experiencing a DoS or DDoS attack,… Read more

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2023 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses. The CWE Top 25 is calculated by analyzing public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to… Read more

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI) to provide recommendations and best practices for organizations to strengthen the security of their CI/CD pipelines against the threat of malicious cyber actors (MCAs). Recognizing the various types of security threats that could affect CI/CD operations and taking steps to… Read more

CISA has released several documents as part of the Secure Cloud Business Applications (SCuBA) project: The Technical Reference Architecture (TRA) document, previously released for public comment on April 19, 2022, is the final version of a security guide that agencies can use to adopt technology for cloud deployment, adaptable solutions, secure architecture, and zero trust… Read more