Our news
-
VMware Releases Advisory for VMware Tools Vulnerabilities
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the VMware advisory VMSA-2023-0024 and apply the necessary updates.
-
Vulnerability Summary for the Week of October 23, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info projectworlds_pvt._limited — online_art_gallery Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-10-26 9.8 CVE-2023-43737MISCMISC…
-
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases
Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco…
-
CISA Announces Launch of Logging Made Easy
Today, CISA announces the launch of a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre (NCSC), making it available to a wider audience. Log management makes systems more secure.…
-
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit…
-
Vulnerability Summary for the Week of October 16, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix…
-
Vulnerability Summary for the Week of October 9, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 3ds — teamwork_cloud_no_magic_release A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. 2023-10-09…
-
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors…
-
#StopRansomware: AvosLocker Ransomware (Update)
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov…
-
Vulnerability Summary for the Week of October 2, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — agent Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. 2023-10-04 7.8 CVE-2023-44209MISC acronis — cyber_protect_home_office Sensitive information disclosure and manipulation due to missing authorization.…