Today, CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine…
The Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre (NCSC-NO) have released a joint Cybersecurity Advisory (CSA), Threat Actors Exploiting Ivanti EPMM Vulnerabilities, in response…
Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM). This vulnerability allows an attacker with EPMM administrator privileges to write…
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions…
CISA has released an analysis and infographic detailing the findings from the 121 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2022 (FY22). The…
A vulnerability discovered in Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) allows unauthenticated access to specific API paths. An attacker with access to these API paths can access…
Atlassian has released its Security Bulletin for July 2023 to address vulnerabilities in Confluence Data Center & Server (CVE-2023-22505 and CVE-2023-22508) and Bamboo Data Center (CVE-2023-22506). An attacker can exploit these vulnerabilities…
Citrix has released security updates to address vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467) affecting NetScaler ADC and NetScaler Gateway. An attacker can exploit one of these vulnerabilities to take control of…
Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage API. A remote attacker can exploit this vulnerability to take control of an affected system. CISA…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-37450 Apple Multiple Products WebKit Code Execution Vulnerability CVE-2022-29303 SolarView Compact Command Injection Vulnerability…
