Our news
-
Microsoft Releases December 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for December
-
Shortening Incident Response Time and Dealing with Critical Global Emergencies.
There is not even a handful of years left to know what cybersecurity is today. As threats in cyber evolve and become ever more sophisticated, our IR (Incident Response) must adapt accordingly. At DefendEdge, we have accepted this shift from the reactive mindset to the initiative-taking approach to deliver faster, more effective responses to emergency…
-
Vulnerability Summary for the Week of December 2, 2024
High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application…
-
ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies
Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include: The Canadian Centre for Cyber Security (CCCS). United Kingdom’s National Cyber Security Centre (NCSC-UK). New Zealand’s National…
-
CISA Releases New Public Version of CDM Data Model Document
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released an updated public version of the Continuous Diagnostics and Mitigation (CDM) Data Model Document. Version 5.0.1 aligns with fiscal year 2023 Federal Information Security Modernization Act (FISMA) metrics. The CDM Data Model Document provides a comprehensive description of a common data schema to ensure that prescribed…
-
Vulnerability Summary for the Week of November 25, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Portfolio Management System MCA A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection.…
-
Vulnerability Summary for the Week of November 18, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects — bookstore_management_system A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads to sql injection. The attack…
-
Cyberattacks and Mobile Devices
There are over 17 billion smartphones in the world today, and that number grows by the day. Thanks to technological progress, there is hardly anyone these days who doesn’t have one mobile phone or an Internet of Things (IoT) device. This is provided by the growing connectivity, but these devices are subject to various security…
-
Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
EXECUTIVE SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment (RTA) at the request of a critical infrastructure organization. During RTAs, CISA’s red team simulates real-world malicious cyber operations to assess an organization’s cybersecurity detection and response capabilities. In coordination with the assessed organization, CISA is releasing this Cybersecurity Advisory to…
-
CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization
Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. This advisory provides comprehensive…