Our news
-
Identification and Disruption of QakBot Infrastructure
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. Disruption operations…
-
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary update.
-
Vulnerability Summary for the Week of August 21, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info qemu — qemu The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed…
-
CISA’s VDP Platform 2022 Annual Report Showcases Success
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in July 2021—to safeguard the FCEB and support risk reduction. The VDP platform…
-
Vulnerability Summary for the Week of August 14, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info foldingathome — client_advanced_control An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. 2023-08-11 9.8 CVE-2020-27544MISC sourcecodester — school_faculty_scheduling_system SQL Injection vulnerability…
-
Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS
Juniper has released a security advisory to address vulnerabilities in Junos OS on SRX Series and EX Series. A remote cyber threat actor could exploit these vulnerabilities to cause a denial-of service condition. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates.
-
Atlassian Releases Security Update for Confluence Server and Data Center
Atlassian has released its security bulletin for August 2023 to address a vulnerability in Confluence Server and Data Center, CVE-2023-28709. A remote attacker can exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Atlassian’s August 2003 Security Bulletin and apply the necessary update.
-
Vulnerability Summary for the Week of August 7, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info phoenixcontact — wp_6xxx_series In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request releated to date/time operations to gain full…
-
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-222-01 Siemens Solid Edge, JT2Go and Teamcenter Visualization ICSA-23-222-02 Siemens Parasolid Installer ICSA-23-222-03 Siemens JT Open, JT Utilities, and Parasolid ICSA-23-222-04 Siemens Software Center ICSA-23-222-05 Siemens RUGGEDCOM CROSSBOW ICSA-23-222-06…
-
Vulnerability Summary for the Week of July 31, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info yunyecms — yunyecms SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. 2023-07-31 9.8 CVE-2020-21662MISC raspap — raspap A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary…