Tag: CISA

  • The Cloudflare Blog: Advancing cybersecurity: Cloudflare implements a new bug bounty VIP program as part of CISA Pledge commitment

    Source URL: https://blog.cloudflare.com/cisa-pledge-commitment-bug-bounty-vip
    Source: The Cloudflare Blog
    Title: Advancing cybersecurity: Cloudflare implements a new bug bounty VIP program as part of CISA Pledge commitment
    Feedly Summary: Cloudflare strengthens its commitment to cybersecurity by joining CISA’s “Secure by Design” pledge. In line with this commitment, we’re enhancing our vulnerability disclosure policy by launching a VIP bug…

  • Hacker News: Attackers are increasingly targeting industrial systems with brute force

    Source URL: https://www.techradar.com/pro/security/hackers-are-increasingly-targeting-industrial-systems-with-brute-force-cisa-warns
    Source: Hacker News
    Title: Attackers are increasingly targeting industrial systems with brute force
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text highlights a significant increase in cyberattacks on operational technology (OT) and industrial control systems (ICS), specifically targeting endpoints in critical sectors like water and wastewater. The U.S. Cybersecurity…

  • Alerts: Cisco Releases Security Updates for IOS and IOS XE Software

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software
    Source: Alerts
    Title: Cisco Releases Security Updates for IOS and IOS XE Software
    Feedly Summary: Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control…

  • Alerts: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
    Source: Alerts
    Title: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance
    Feedly Summary: Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13…

  • Alerts: CISA Adds Five Known Exploited Vulnerabilities to Catalog

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog
    Source: Alerts
    Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog
    Feedly Summary: CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
      • CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability
      • CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
      • CVE-2019-1069 Microsoft Windows Task Scheduler…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog
    Source: Alerts
    Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog
    Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
      • CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability
      • CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability
      • CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability
      • CVE-2014-0502 Adobe Flash…

  • Alerts: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-and-fbi-release-secure-design-alert-eliminating-cross-site-scripting-vulnerabilities
    Source: Alerts
    Title: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
    Feedly Summary: Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting…

  • Alerts: New CISA Plan Aligns Federal Agencies in Cyber Defense

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/16/new-cisa-plan-aligns-federal-agencies-cyber-defense
    Source: Alerts
    Title: New CISA Plan Aligns Federal Agencies in Cyber Defense
    Feedly Summary: Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity and aligns…

  • Alerts: Cisco Releases Security Updates for IOS XR Software

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/12/cisco-releases-security-updates-ios-xr-software
    Source: Alerts
    Title: Cisco Releases Security Updates for IOS XR Software
    Feedly Summary: Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog
    Source: Alerts
    Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog
    Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
      • CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
      • CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability
      • CVE-2024-38014 Microsoft Windows Installer Privilege Escalation Vulnerability
      • CVE-2024-38217…