Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s…

Vulnerability Summary for the Week of October 7, 2024

High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source Info, Patch Info). adobe -- animate: Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability…

Microsoft Releases October 2024 Security Updates

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users…

Vulnerability Summary for the Week of September 30, 2024

High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info). n/a -- n/a: An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web…

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical…

CISA’s VDP Platform 2023 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation.…

Vulnerability Summary for the Week of September 23, 2024

High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source Info, Patch Info). Dover Fueling Solutions (DFS) -- ProGauge MAGLINK LX CONSOLE: A specially crafted POST request to the ProGauge MAGLINK LX…

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and…

CISA Warns of Hurricane-Related Scams

As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major…

Vulnerability Summary for the Week of September 16, 2024

High Vulnerabilities (columns: Primary Vendor -- Product, Description, Published, CVSS Score, Source & Patch Info). CIRCUTOR -- CIRCUTOR Q-SMT: CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service…
