Tag: cisa
-
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
The 51 federal civilian agencies involved in the program remediated 872 vulnerabilities last year, up 78% from 2022, according to CISA. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-vulnerability-disclosure-platform/728956/
-
Exploits observed: CISA warns users of Ivanti and Zimbra software
A months-old Ivanti flaw is now being actively exploited by attackers, whereas the Zimbra vulnerability is only a few days old. Patching is urgently advised. First seen on heise.de Jump to article: www.heise.de/news/US-Behoerde-CISA-warnt-Kritische-Luecken-bei-Ivanti-und-Zimbra-werden-ausgenutzt-9962629.html
-
CISA Warns of Critical Vulnerabilities in Switches Used in Manufacturing
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities identified in Optigo Networks ONS-S8 Aggregation Switch products. These devices are commonly used in critical infrastructure and manufacturing systems worldwide, and the vulnerabilities could allow attackers to bypass authentication and execute remote code, posing significant risks to affected…
-
CISA Preparing to Assess Federal Zero Trust Progress
US Cyber Defense Agency Plans to Review Updated Implementation Plans in November. A top official from the U.S. Cybersecurity and Infrastructure Security Agency said Thursday the agency is planning to review updated federal implementation plans and ensure agencies are aligning with zero trust security objectives and addressing any funding gaps or technical challenges. First seen…
-
CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog
Ivanti reports that the bug is being actively exploited in the wild for select customers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisa-high-severity-ivanti-vulnerability-kev-catalog
-
CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-oct-3-2024/
-
CISA issues warning about another Ivanti flaw under active attack
The U.S. IT software giant confirmed this week that the vulnerability, fixed in May, is now being used to target a “limited number” of Ivanti customers. First seen on techcrunch.com Jump to article: techcrunch.com/2024/10/03/cisa-issues-warning-about-another-ivanti-flaw-under-active-attack/
-
CISA Launches 21st Cybersecurity Awareness Month: Secure Our World
The Cybersecurity and Infrastructure Security Agency (CISA) marked the beginning of the 21st Cybersecurity Awareness Month. The motive of the initiative is to enhance cybersecurity awareness and educate the public about modern information security architectures. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-cybersecurity-awareness-month/
-
CISA Director Assures: Foreign Interference Cannot Alter US Election Results
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), assured that the United States’ election systems were more secure than ever, making it nearly impossible for foreign adversaries to alter the election results. The statement comes amid rising concerns regarding US election security, particularly from Russia and Iran. First seen on thecyberexpress.com Jump…
-
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
Tags: cisa, cve, cvss, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, update, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical…
-
CISA Touts the VDA Program’s Achievements
Tags: cisa
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-touts-the-vda-programs-achievements
-
CISA touts achievements of VDP program
Tags: cisa
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-touts-achievements-of-vdp-program
-
Federal threat sharing system revival promised by CISA
First seen on scworld.com Jump to article: www.scworld.com/brief/federal-threat-sharing-system-revival-promised-by-cisa
-
U.S. CISA adds Ivanti Endpoint Manager (EPM) flaw to its Known Exploited Vulnerabilities catalog
Tags: authentication, cisa, cve, cybersecurity, endpoint, exploit, infrastructure, ivanti, kev, vulnerability
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Endpoint Manager (EPM) vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. In May, Ivanti rolled out security patches to…
-
Critical Ivanti RCE flaw with public exploit now used in attacks
Tags: attack, cisa, endpoint, exploit, flaw, ivanti, rce, remote-code-execution, threat, vulnerability
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-ivanti-rce-flaw-with-public-exploit-now-used-in-attacks/
-
ACSC and CISA Launch Critical OT Cybersecurity Guidelines
The ACSC, in collaboration with CISA and international partners, has released a guide for securing operational technology in critical sectors. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/acsc-cisa-launch-ot-guidelines/
-
Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw-impacts-critical-infrastructure/
-
80% of Manufacturing Firms Have Critical Vulnerabilities
A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA’s Known Exploited Vulnerabilities (KEV) catalog. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/manufacturing-critical/
-
CISA warns of attacks – vulnerabilities in Microsoft MSHTML and WhatsUp Gold
First seen on security-insider.de Jump to article: www.security-insider.de/cisa-warnt-vor-cyberangriffen-durch-schwachstellen-mshtml-whatsup-gold-a-38083baf63b09fd4ec9e6ba3277f2970/
-
Thousands of bugs remediated in second year of vulnerability disclosure program
First seen on therecord.media Jump to article: therecord.media/cisa-thousands-of-bugs-remediated-vulnerability-disclosure-program
-
Experts Warn CISA’s Threat Sharing is in a ‘Death Spiral’
US Cyber Defense Agency’s Flagship Threat Sharing Initiative Facing Major Hurdles. Experts told Information Security Media Group the Cybersecurity and Infrastructure Security Agency’s flagship threat sharing initiative faces major logistical hurdles and may need to be replaced with a more mature approach to automated threat analysis following a damning Inspector General report. First seen on…
-
U.S. CISA adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these…
-
Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild. First seen on securityweek.com Jump to article: www.securityweek.com/organizations-warned-of-exploited-sap-gpac-and-d-link-vulnerabilities/
-
CISA and FBI Issue Alert on XSS Vulnerabilities
Cross-site scripting (XSS) vulnerabilities continue to be a major concern in today’s software landscape, despite being preventable. CISA and FBI have issued a Secure by Design alert to reduce the prevalence of these vulnerabilities. While XSS attacks have been around for years, they remain a persistent threat due to improper handling of user inputs in…
-
CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild
Tags: cisa, cve, cyber, cybersecurity, exploit, infrastructure, injection, risk, router, sap, software, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified in D-Link, DrayTek, Motion Spell, and SAP products. CVE-2023-25280: D-Link DIR-820 Router OS Command Injection…
-
CISA pledges to resolve issues with threat sharing system after watchdog report
First seen on therecord.media Jump to article: therecord.media/cisa-pledges-to-resolve-threat-sharing-program-issues-oig-report
-
CISA launches portal to simplify cyber incident reporting
Information sharing just got more efficient. In August, the Cybersecurity and Infrastructure Security Agency (CISA) launched the CISA Services Portal. “The new CISA Services Portal improves the reporting process and offers more features for our voluntary reporters. We ask organizations… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/cisa-launches-portal-simplify-cyber-incident-reporting/