Tag: federal agencies
-
The Register: Thousands of Fortinet instances vulnerable to actively exploited flaw
Source URL: https://www.theregister.com/2024/10/14/fortinet_vulnerability/ Source: The Register Title: Thousands of Fortinet instances vulnerable to actively exploited flaw Feedly Summary: No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver’s data.… AI Summary and Description: Yes Summary: The text…
-
The Register: GSA plows ahead with face matching tech despite its own reliability concerns
Source URL: https://www.theregister.com/2024/10/10/gsa_plows_ahead_with_face/ Source: The Register Title: GSA plows ahead with face matching tech despite its own reliability concerns Feedly Summary: A week after saying remote ID verification tech is unreliable, the GSA is expanding access to other agencies The US government’s General Services Administration’s (GSA) facial matching login service is now generally available to…
-
The Register: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Source URL: https://www.theregister.com/2024/10/10/cisa_ivanti_fortinet_vulns/ Source: The Register Title: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Feedly Summary: Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…
-
Alerts: CISA’s VDP Platform 2023 Annual Report Showcases Success
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/30/cisas-vdp-platform-2023-annual-report-showcases-success Source: Alerts Title: CISA’s VDP Platform 2023 Annual Report Showcases Success Feedly Summary: Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased…
-
Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability…