CISA’s VDP Platform 2022 Annual Report Showcases Success

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal…

Comments Off on CISA’s VDP Platform 2022 Annual Report Showcases Success

CISA Releases Twelve Industrial Control Systems Advisories

CISA released twelve Industrial Control Systems (ICS) advisories on August 10, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-23-222-01 Siemens Solid Edge,…

Comments Off on CISA Releases Twelve Industrial Control Systems Advisories

CISA Releases its Cybersecurity Strategic Plan

Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine…

Comments Off on CISA Releases its Cybersecurity Strategic Plan

CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have released a joint Cybersecurity Advisory (CSA), Threat Actors Exploiting Ivanti EPMM Vulnerabilities, in response…

Comments Off on CISA and International Partner NCSC-NO Release Joint Cybersecurity Advisory on Threat Actors Exploiting Ivanti EPMM Vulnerabilities

Ivanti Releases Security Updates for EPMM to address CVE-2023-35081

Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write…

Comments Off on Ivanti Releases Security Updates for EPMM to address CVE-2023-35081

CISA Releases Malware Analysis Reports on Barracuda Backdoors

CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions…

Comments Off on CISA Releases Malware Analysis Reports on Barracuda Backdoors