CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware 08/31/2023 08:00 AM EDT Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), Canadian Centre for… Continue reading CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware
Month: August 2023
CISA and FBI Publish Joint Advisory on QakBot Infrastructure
CISA and FBI Publish Joint Advisory on QakBot Infrastructure 08/30/2023 03:00 PM EDT Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as… Continue reading CISA and FBI Publish Joint Advisory on QakBot Infrastructure
VMware Releases Security Updates for Aria Operations for Networks
VMware Releases Security Updates for Aria Operations for Networks 08/30/2023 02:11 PM EDT VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018… Continue reading VMware Releases Security Updates for Aria Operations for Networks
CISA Releases IOCs Associated with Malicious Barracuda Activity
CISA Releases IOCs Associated with Malicious Barracuda Activity 08/29/2023 08:00 AM EDT CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October… Continue reading CISA Releases IOCs Associated with Malicious Barracuda Activity
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved 08/30/2023 12:04 PM EDT Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Juniper’s… Continue reading Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla Releases Security Updates for Firefox and Firefox ESR 08/30/2023 11:08 AM EDT Mozilla has released security updates to address vulnerabilities for Firefox 117, Firefox ESR 115.2, and Firefox ESR 102.5. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review… Continue reading Mozilla Releases Security Updates for Firefox and Firefox ESR
Vulnerability Summary for the Week of August 21, 2023
Vulnerability Summary for the Week of August 21, 2023 08/28/2023 04:30 PM EDT The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not… Continue reading Vulnerability Summary for the Week of August 21, 2023
CISA’s VDP Platform 2022 Annual Report Showcases Success
CISA’s VDP Platform 2022 Annual Report Showcases Success 08/25/2023 10:05 AM EDT Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). This report showcases how agencies have used the VDP Platform—launched in… Continue reading CISA’s VDP Platform 2022 Annual Report Showcases Success
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog 08/22/2023 08:00 AM EDT CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are frequent attack vectors… Continue reading CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog 08/22/2023 08:00 AM EDT CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-38035 Ivanti Sentry Authentication Bypass Vulnerability CVE-2023-27532 Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability These types of vulnerabilities are frequent attack vectors… Continue reading CISA Adds Two Known Exploited Vulnerabilities to Catalog