Current Activity

CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware

Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: A “Known to be Used in Ransomware Campaigns” column in the…

Comments Off

October 13, 2023

Current Activity

CISA Releases Nineteen Industrial Control Systems Advisories

CISA released nineteen Industrial Control Systems (ICS) advisories on October 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-285-01 Siemens SIMATIC CP…

Comments Off

October 13, 2023

Current Activity

CISA Adds Five Known Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted…

Comments Off

October 11, 2023

Current Activity

Citrix Releases Security Updates for Multiple Products

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities take control of an affected system. CISA encourages users and…

Comments Off

October 11, 2023

Current Activity

Apple Releases Security Updates for iOS and iPadOS

Apple has released security updates to address vulnerabilities in iOS and iPadOS. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users…

Comments Off

October 7, 2023

Current Activity

CISA and NSA Release New Guidance on Identity and Access Management

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel…

Comments Off

October 5, 2023

Current Activity

CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege…

Comments Off

October 5, 2023

Current Activity

NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors

Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan…

Comments Off

September 28, 2023

Current Activity

Mozilla Releases Security Advisories for Thunderbird and Firefox

Mozilla has released security updates to address vulnerabilities for Thunderbird 115.3, Firefox ESR 115.3, and Firefox 118. A cyber threat actor could exploit these vulnerabilities to take control of an…

Comments Off

September 28, 2023

Current Activity

FBI and CISA Release Advisory on Snatch Ransomware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics,…

Comments Off

September 21, 2023