Category: alerts
Category Added in a WPeMatico Campaign
-
CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not… Read more
-
New CISA Plan Aligns Federal Agencies in Cyber Defense
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns the collective operational defense capabilities across the federal enterprise. Currently, federal agencies maintain their own networks and… Read more
-
Vulnerability Summary for the Week of September 9, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Siemens–Industrial Edge Management Pro A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker… Read more
-
CISA Releases Analysis of FY23 Risk and Vulnerability Assessments
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The analysis details a sample attack path including tactics and steps a cyber threat actor could follow to compromise an organization with weaknesses representative of those… Read more
-
Cisco Releases Security Updates for Cisco Smart Licensing Utility
Cisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: Cisco Smart Licensing Utility Vulnerabilities Read more
-
Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control
Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates: Ivanti Endpoint… Read more
-
Citrix Releases Security Updates for Citrix Workspace App for Windows
Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Citrix Workspace app for Windows Security Bulletin for CVE-2024-7889 and CVE-2024-7890 Read more
-
Vulnerability Summary for the Week of September 2, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info abcd-community — abcd A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The manipulation of the argument image leads to path traversal: ‘../filedir’. It is possible to initiate… Read more
-
Russian Military Cyber Actors Target US and Global Critical Infrastructure
Summary The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational… Read more
-
FBI, CISA, NSA, and US and International Partners Release Advisory on Russian Military Cyber Actors Targeting US and Global Critical Infrastructure
Today, the Federal Bureau of Investigation (FBI)—in partnership with CISA, the National Security Agency (NSA), and other U.S. and international partners—released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IOCs) associated with… Read more