December 2023 – Page 2

CISA and Partners Release Advisory on Russian SVR-affiliated Cyber Actors Exploiting CVE-2023-42793

Today, CISA—along with the U.S. Federal Bureau of Investigation (FBI), National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC)—released…

Comments Off

December 14, 2023

Alerts

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the…

Comments Off

December 14, 2023

Bulletins

Vulnerability Summary for the Week of December 4, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info arm -- bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd…

Comments Off

December 11, 2023

Current Activity

Atlassian Releases Security Advisories for Multiple Products

Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA…

Comments Off

December 9, 2023

Alerts

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns

The Russia-based actor is targeting organizations and individuals in the UK and other geographical areas of interest. OVERVIEW The Russia-based actor Star Blizzard (formerly known as SEABORGIUM, also known as…

Comments Off

December 8, 2023

Current Activity

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding…

Comments Off

December 7, 2023

Alerts

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers

SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive…

Comments Off

December 6, 2023

Bulletins

Vulnerability Summary for the Week of November 27, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The…

Comments Off

December 4, 2023

Current Activity

CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs

Today, CISA, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD) released a joint Cybersecurity Advisory (CSA) IRGC-Affiliated Cyber…

Comments Off

December 2, 2023

Alerts

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to…

Comments Off

December 2, 2023