Current Activity

Oracle Releases Quarterly Critical Patch Update Advisory for October 2024

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control…

Comments Off

October 18, 2024

Current Activity

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design…

Comments Off

October 17, 2024

Current Activity

CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical…

Comments Off

October 17, 2024

Current Activity

Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s…

Comments Off

October 16, 2024

Current Activity

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical…

Comments Off

October 2, 2024

Current Activity

CISA’s VDP Platform 2023 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation.…

Comments Off

October 1, 2024

Current Activity

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises

Today, the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and other U.S. and international partners released the joint guide Detecting and…

Comments Off

September 27, 2024

Current Activity

CISA Warns of Hurricane-Related Scams

As Hurricane Helene approaches, CISA urges users to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major…

Comments Off

September 26, 2024

Current Activity

Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. A cyber threat actor could exploit this vulnerability to exercise unauthorized REST APIs. CISA urges organizations to…

Comments Off

September 21, 2024

Current Activity

VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server

VMware released a security advisory addressing vulnerabilities in the VMware Cloud Foundation and the vCenter Server. A cyber threat actor could exploit one of these vulnerabilities to take control of…

Comments Off

September 20, 2024