Our news

  • Microsoft Releases November 2024 Security Updates

    Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for November


  • Ivanti Releases Security Updates for Multiple Products

    Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM), Ivanti Avalanche, Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Security Access Client. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivanti Security Advisory EPM; Ivanti Security Advisory Avalanche; Ivanti Security Advisory…


  • Vulnerability Summary for the Week of November 4, 2024

    High Vulnerabilities. Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info. 1000 Projects — Beauty Parlour Management System: A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to SQL injection. The…


  • 2023 Top Routinely Exploited Vulnerabilities

    Summary: The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies): United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA); Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC); Canada: Canadian Centre for Cyber Security (CCCS); New…


  • The Buzz Around Honeypots

    In today’s ever-evolving world of cyber threats, attackers are constantly adapting their strategy to evade detection, making the job of cybersecurity professionals a constant challenge. Each new defensive measure is met with new tactics aimed at finding a way around it. As the Irish Republican Army once remarked after a failed bombing attempt, “Today…


  • JCDC’s Collaborative Efforts Enhance Cybersecurity for the 2024 Olympic and Paralympic Games

    The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key…


  • Citrix Releases Security Updates for NetScaler and Citrix Session Recording

    Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: NetScaler ADC and NetScaler Gateway Security Bulletin…


  • Vulnerability Summary for the Week of October 28, 2024

    High Vulnerabilities. Columns: Primary Vendor — Product; Description; Published; CVSS Score; Source Info; Patch Info. acnoo — flutter_api: Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass. This issue affects Acnoo Flutter API: from n/a through 1.0.5. Published 2024-10-28; CVSS 9.8; CVE-2024-50486; audit@patchstack.com. adirectory — aDirectory: Unrestricted Upload of File with Dangerous Type vulnerability…


  • Cyber Threats and the U.S. Election

    As the presidential race is ending, cybercrime revolving around the election is at an all-time high. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint public service announcement (PSA) cautioning about the widespread disinformation being spread by threat actors ahead of the U.S. general election. The announcement focused…


  • Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

    CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s…
