October 2023 – Page 2

CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of…

Comments Off

October 17, 2023

Alerts

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response…

Comments Off

October 17, 2023

Bulletins

Vulnerability Summary for the Week of October 9, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 3ds -- teamwork_cloud_no_magic_release A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release…

Comments Off

October 17, 2023

Current Activity

CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the…

Comments Off

October 13, 2023

Current Activity

CISA Releases Nineteen Industrial Control Systems Advisories

CISA released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP…

Comments Off

October 13, 2023

Alerts

#StopRansomware: AvosLocker Ransomware (Update)

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…

Comments Off

October 12, 2023

Current Activity

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted…

Comments Off

October 11, 2023

Current Activity

Citrix Releases Security Updates for Multiple Products

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. CISA encourages users and…

Comments Off

October 11, 2023

Bulletins

Vulnerability Summary for the Week of October 2, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acronis -- agent Local privilege escalation due to improper soft link handling. The following products…

Comments Off

October 11, 2023

Current Activity

Apple Releases Security Updates for iOS and iPadOS

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users…

Comments Off

October 7, 2023