CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-42793 JetBrains TeamCity Authentication Bypass Vulnerability CVE-2023-28229 Microsoft Windows CNG Key Isolation Service Privilege…

Comments Off on CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs

Vulnerability Summary for the Week of September 25, 2023

High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info accusoft -- imagegear An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1.…

Comments Off on Vulnerability Summary for the Week of September 25, 2023

Vulnerability Summary for the Week of September 18, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acronis -- cyber_protect_home_office Sensitive information disclosure due to insecure folder permissions. The following products are…

Comments Off on Vulnerability Summary for the Week of September 18, 2023

People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA),…

Comments Off on People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

FBI and CISA Release Advisory on Snatch Ransomware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics,…

Comments Off on FBI and CISA Release Advisory on Snatch Ransomware

#StopRansomware: Snatch Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…

Comments Off on #StopRansomware: Snatch Ransomware

Vulnerability Summary for the Week of September 11, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info wibu -- codemeter_runtime   A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service…

Comments Off on Vulnerability Summary for the Week of September 11, 2023