Author Archives: Analyst

CISA Releases Five Industrial Control Systems Advisories

CISA Releases Five Industrial Control Systems Advisories 12/07/2023 07:00 AM EST CISA released five Industrial Control Systems (ICS) advisories on December 7, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-341-01 Mitsubishi Electric FA Engineering Software Products ICSA-23-341-02 Schweitzer Engineering Laboratories SEL-411L ICSA-23-341-03 Johnson Controls Metasys and Facility …

Continue reading “CISA Releases Five Industrial Control Systems Advisories”

CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard 12/07/2023 12:00 PM EST Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security …

Continue reading “CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard”

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps 12/06/2023 07:00 AM EST Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United …

Continue reading “CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps”

CISA Releases Two Industrial Control Systems Advisories

CISA Releases Two Industrial Control Systems Advisories 12/05/2023 01:00 PM EST CISA released two Industrial Control Systems (ICS) advisories on December 5, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-339-01 Zebra ZTC Industrial ZT400 and Desktop GK420d ICSA-23-208-03 Mitsubishi Electric CNC Series (Update D) CISA encourages users …

Continue reading “CISA Releases Two Industrial Control Systems Advisories”

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog 12/05/2023 01:00 PM EST CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2023-33107 Qualcomm Multiple Chipsets Integer Overflow Vulnerability CVE-2022-22071 Qualcomm Multiple Chipsets Use-After-Free Vulnerability These …

Continue reading “CISA Adds Four Known Exploited Vulnerabilities to Catalog”

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog 12/05/2023 01:00 PM EST CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-33106 Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability CVE-2023-33063 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2023-33107 Qualcomm Multiple Chipsets Integer Overflow Vulnerability CVE-2022-22071 Qualcomm Multiple Chipsets Use-After-Free Vulnerability These …

Continue reading “CISA Adds Four Known Exploited Vulnerabilities to Catalog”

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion 12/05/2023 10:00 AM EST Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as …

Continue reading “CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion”

Vulnerability Summary for the Week of November 27, 2023

Vulnerability Summary for the Week of November 27, 2023 12/04/2023 03:43 PM EST The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not …

Continue reading “Vulnerability Summary for the Week of November 27, 2023”

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog 12/04/2023 02:30 PM EST CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors …

Continue reading “CISA Adds Two Known Exploited Vulnerabilities to Catalog”

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog 12/04/2023 02:30 PM EST CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-42917 Apple Multiple Products WebKit Memory Corruption Vulnerability CVE-2023-42916 Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors …

Continue reading “CISA Adds Two Known Exploited Vulnerabilities to Catalog”