Category: alerts
Category Added in a WPeMatico Campaign
-
CISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems (ICS) advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03 Siemens SIMATIC CN 4100 ICSA-23-194-04 Siemens SIMATIC MV500 Devices ICSA-23-194-05 Rockwell Automation PowerMonitor 1000 ICSA-23-194-06 Honeywell Experion PKS, LX and… Read more
-
Cisco Releases Security Update for SD-WAN vManage API
Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage API. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco security release Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability and apply the necessary updates. Read more
-
Juniper Releases Multiple Security Updates for Juno OS
Juniper has released updates to address multiple vulnerabilities in Juno OS. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper’s Support Portal and apply the necessary updates. Read more
-
CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments. In June 2023, a Federal Civilian Executive Branch (FCEB)… Read more
-
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data. CISA and… Read more
-
Mozilla Releases Security Update for Firefox and Firefox ESR
Mozilla has released a security update to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisory MFSA 2023-26 and apply the necessary update. Read more
-
Vulnerability Summary for the Week of July 3, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info sem-cms — semcms File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. 2023-06-30 9.8 CVE-2020-18432MISCMISC flatnest_project — flatnest All versions of the package flatnest are vulnerable to Prototype Pollution via the… Read more
-
Progress Software Releases Service Pack for MOVEit Transfer Vulnerabilities
Progress Software has released a Service Pack to address three newly disclosed vulnerabilities (CVE-2023-36934, CVE-2023-36932, CVE-2023-36933) in MOVEit Transfer. A cyber threat actor could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users to review Progress Software’s MOVEit Transfer article and apply product updates as applicable for security improvements. Read more
-
Increased Truebot Activity Infects U.S. and Canada Based Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States… Read more
-
Vulnerability Summary for the Week of June 26, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apple — mac_os_x A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or… Read more