People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

Executive Summary The United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japan National Police Agency (NPA),…

Comments Off on People’s Republic of China-Linked Cyber Actors Hide in Router Firmware

FBI and CISA Release Advisory on Snatch Ransomware

Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Snatch Ransomware, which provides indicators of compromise (IOCs) and tactics,…

Comments Off on FBI and CISA Release Advisory on Snatch Ransomware

#StopRansomware: Snatch Ransomware

SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…

Comments Off on #StopRansomware: Snatch Ransomware

Vulnerability Summary for the Week of September 11, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info wibu -- codemeter_runtime   A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service…

Comments Off on Vulnerability Summary for the Week of September 11, 2023

Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates to address vulnerabilities (CVE-2023-29183 and CVE-2023-34984) affecting FortiOS, FortiProxy, and FortiWeb. A cyber threat actor can exploit one of these vulnerabilities to take control of…

Comments Off on Fortinet Releases Security Updates for Multiple Products

CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

Today, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM)…

Comments Off on CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

CISA Adds Three Known Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-35674 Android Framework Privilege Escalation Vulnerability CVE-2023-20269 Cisco Adaptive Security Appliance and Firepower Threat Defense…

Comments Off on CISA Adds Three Known Vulnerabilities to Catalog

CISA Releases its Open Source Software Security Roadmap

Today, CISA released an Open Source Software Security Roadmap to lay out—in alignment with the National Cybersecurity Strategy and the CISA Cybersecurity Strategic Plan—how we will partner with federal agencies,…

Comments Off on CISA Releases its Open Source Software Security Roadmap

Vulnerability Summary for the Week of September 4, 2023

  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info canonical_ltd. -- snapd_for_linux Using the TIOCLINUX ioctl request, a malicious snap could inject contents into…

Comments Off on Vulnerability Summary for the Week of September 4, 2023