October 2024 – CYNET-CSIRT

Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this…

Comments Off

October 31, 2024

Current Activity

JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This…

Comments Off

October 30, 2024

Bulletins

Vulnerability Summary for the Week of October 21, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info Patch Info Admin--Verbalize WP Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web…

Comments Off

October 28, 2024

Current Activity

Cisco Releases Security Bundle for Cisco ASA, FMC, and FTD Software

Cisco released its October 2024 Semiannual Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication to address vulnerabilities in Cisco ASA, FMC, and FTD. A cyber threat actor could…

Comments Off

October 25, 2024

Bulletins

Vulnerability Summary for the Week of October 14, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info Patch Info Acespritech Solutions Pvt. Ltd.--Social Link Groups Improper Neutralization of Special Elements used in an SQL Command ('SQL…

Comments Off

October 21, 2024

Current Activity

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control…

Comments Off

October 18, 2024

Current Activity

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design…

Comments Off

October 17, 2024

Current Activity

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical…

Comments Off

October 17, 2024

Alerts

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP),…

Comments Off

October 17, 2024

Current Activity

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s…

Comments Off

October 16, 2024