September 2023 – Page 2

CISA Releases its Open Source Software Security Roadmap

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies,…

Comments Off

September 13, 2023

Current Activity

NSA, FBI, and CISA Release Cybersecurity Information Sheet on Deepfake Threats

Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to…

Comments Off

September 13, 2023

Bulletins

Vulnerability Summary for the Week of September 4, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info canonical_ltd. -- snapd_for_linux Using the TIOCLINUX ioctl request, a malicious snap could inject contents into…

Comments Off

September 12, 2023

Analysis Reports

MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors

Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained…

Comments Off

September 8, 2023

Analysis Reports

MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained…

Comments Off

September 8, 2023

Alerts

Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Cyber National Mission Force (CNMF) identified the presence of indicators of compromise (IOCs) at an Aeronautical…

Comments Off

September 8, 2023

Current Activity

CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to…

Comments Off

September 7, 2023

Current Activity

CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack

CISA has released actionable guidance for Federal Civilian Executive Branch (FCEB) agencies to help them evaluate and mitigate the risk of volumetric distributed denial-of-service (DDoS) attacks against their websites and…

Comments Off

September 7, 2023

Bulletins

Vulnerability Summary for the Week of August 28, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info earcms -- ear_app An issue found in Earcms Ear App v.20181124 allows a remote cyber threat…

Comments Off

September 7, 2023

Current Activity

VMware Releases Security Update for Tools

VMware has released a security update to address a vulnerability in VMware Tools. A cyber threat actor can exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators…

Comments Off

September 2, 2023