
In a joint cybersecurity advisory, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) warn that threat actors used legitimate remote monitoring and management software to gain access to the networks of multiple federal civilian executive branch agencies. The advisory includes technical details, indicators of …

Read More about Joint Warning from CISA, NSA, and MS-ISAC on Remote Monitoring and Management Software

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a dozen advisories warning of vulnerabilities in various Industrial Control Systems (ICS). Affected products include Sewio RTLS Studio, 2 RONDS Equipment Predictive Maintenance Solution, InHand Networks InRouter, Panasonic Sanyo CCTV Network Camera, SAUTER Controls Nova 200 – 220 Series (PLC 6), Johnson Controls Metasys, Hitachi …

Read More about CISA Publishes a Dozen ICS Advisories

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two privilege elevation vulnerabilities – one in Microsoft Exchange Server and one in Windows – to its Known Exploited Vulnerabilities (KEV) Catalog. US Federal Civilian Executive Branch Agencies have until January 31 to mitigate the flaws. Note CVE-2022-41080 – an Exchange privilege escalation flaw from …

Read More about CISA Adds Two Flaws to Known Exploited Vulnerabilities Catalog

Updated on 2023-01-09: Hitachi Energy Vulnerabilities The US Cybersecurity and Infrastructure Security Agency (CISA) has published three Industrial Control System (ICS) advisories regarding vulnerabilities in Hitachi Energy products. The flaws affect Hitachi Energy UNEM, Hitachi Energy FOXMAN-UN, and Hitachi Energy Lumada Asset Performance Management. Hitachi has addressed the vulnerabilities and urges users to update to …

Read More about Hitachi Energy Vulnerabilities

Updated on 2022-12-30 The US Cybersecurity and Infrastructure Security Agency (CISA) has added two JasperReports vulnerabilities to its known exploited vulnerabilities catalog: CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9). The flaws were disclosed in 2018; fixes are available for both flaws. CISA says it has become aware that the vulnerabilities – an information …

Read More about CISA Adds JasperReports Flaws from 2018 to Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) has published three advisories regarding vulnerabilities in Rockwell Automation controllers. Rockwell has released updates to address two of the vulnerabilities: an improper access control issue in Rockwell Automation Studio 5000 Logix Emulate and an improper input validation issue in Rockwell Automation GuardLogix and ControlLogix controllers. Rockwell has …

Read More about Vulnerabilities in Rockwell Automation Controllers

The US Cybersecurity and Infrastructure Security Agency (CISA) has added an unspecified vulnerability in Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects Oracle Fusion Middleware Access Manager and “allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.” CISA has specified a mitigation due …

Read More about CISA Adds Oracle Fusion Middleware Flaw to Known Exploited Vulnerabilities Catalog

Updated on 2022-12-12 The Hive ransomware group claimed responsibility for ongoing disruptions to computer systems at Knox College, Illinois. It claimed to have encrypted critical infrastructure and data. Read more: Knox College president addresses ransomware incident as notorious group claims credit Updated on 2022-12-09 The Hive ransomware group claimed to have posted the customer data …

Read More about Hive Ransomware Development

Updated on 2022-12-29 The Log4Shell vulnerability remains a big threat to organizations a year after it received security patches. Around 40% of software has been found to still use vulnerable versions of Apache Log4j. Read more: Lessons Learned: The Log4J Vulnerability 12 Months On Updated on 2022-12-12: Log4Shell one-year anniversary Happy birthday …

Read More about Log4j library still vulnerable to the Log4Shell exploit

Updated on 2022-11-14: CISA Publishes Stakeholder-Specific Vulnerability Categorization Guide The US Cybersecurity and Infrastructure Security Agency (CISA) has published a Stakeholder-Specific Vulnerability Categorization Guide to help government agencies and other organizations prioritize vulnerability management. The guide includes information about how CISA scores vulnerabilities, and describes its decision tree model. Note The SSVC guide derives from …

Read More about CISA Publishes Stakeholder-Specific Vulnerability Categorization Guide

The US Cybersecurity and Infrastructure Security Agency (CISA) has published three separate industrial control system (ICS) advisories. The vulnerabilities affect ETIC Telecom Remote Access Server, Nokia ASIK AirScale System Module, and Delta Industrial Automation DIALink. Note Updates to the affected ETIC and DIALink products have been published. Implement mitigations from Nokia until a fix is …

Read More about CISA: Three ICS Vulnerability Warnings

Updated on 2022-10-26 CISA has reportedly sought public comments on security configuration baselines for eight Microsoft products, as part of its Securing Cloud Business Applications (SCUBA) project. Read more: CISA Seeks Feedback on Baseline Measures to Secure Cloud Configuration Overview The US Cybersecurity and Infrastructure Security Agency (CISA) has released security configuration baseline …

Read More about CISA Releases Microsoft 365 Security Configurations Baseline Recommendations