Our news
-
2023 Top Routinely Exploited Vulnerabilities
Summary The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (hereafter collectively referred to as the authoring agencies): United States: The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and National Security Agency (NSA) Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) Canada: Canadian Centre for Cyber Security (CCCS) New…
-
The Buzz Around Honeypots
In today’s ever evolving world of cyber threats, attackers are constantly adapting their strategy to evade detection, making the job of cybersecurity professionals a constant challenge. Each new defensive measure is met with new tactics aimed at finding a way around it. As the Irish Republican Army once remarked after a failed bombing attempt, “Today…
-
JCDC’s Collaborative Efforts Enhance Cybersecurity for the 2024 Olympic and Paralympic Games
The Cybersecurity and Infrastructure Security Agency (CISA), through the Joint Cyber Defense Collaborative (JCDC), enabled proactive coordination and information sharing to bolster cybersecurity ahead of the 2024 Olympic and Paralympic Games in Paris. Recognizing the potential for cyber threats targeting the Games, CISA worked to strengthen U.S. private sector ties and facilitate connections with key…
-
Citrix Releases Security Updates for NetScaler and Citrix Session Recording
Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: NetScaler ADC and NetScaler Gateway Security Bulletin…
-
Vulnerability Summary for the Week of October 28, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. 2024-10-28 9.8 CVE-2024-50486 audit@patchstack.com adirectory–aDirectory Unrestricted Upload of File with Dangerous Type vulnerability…
-
Cyber Threats and the U.S. Election
As the presidential race is ending, cybercrime revolving around the election is at an all-time high. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint public service announcement (PSA) cautioning the widespread disinformation being spread by threat actors ahead of the U.S. general election. The announcement focused…
-
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
CISA has received multiple reports of a large-scale spear-phishing campaign targeting organizations in several sectors, including government and information technology (IT). The foreign threat actor, often posing as a trusted entity, is sending spear-phishing emails containing malicious remote desktop protocol (RDP) files to targeted organizations to connect to and access files stored on the target’s…
-
Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this…
-
JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging…
-
Deepfake Frights: Unmasking the Shadows of Digital Deception
October. The month the night grows longer, and spooky whispers fill the air. Your neighbor is masquerading as a world-renowned singer and her husband is living out his football superstar fantasies. October is a spectacle, and maybe it’s time to slip into your costume. Unfortunately, you are not the only one in disguise. In fact,…