Microsoft has released Guidance for investigating attacks using CVE-2022-21894: The BlackLotus Campaign. According to Microsoft, “[t]his guide provides steps that organizations can take to assess whether users have been targeted…
Fortinet has released its April 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages…
This bulletin provides a summary of new or updated vulnerabilities, exploits, trends, viruses, and trojans. Updates to items appearing in previous bulletins are listed in bold text. The text in…
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info bartels-schoene -- conpresso SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to…
Information in the US-CERT Cyber Security Bulletin is a compilation and includes information published by outside sources, so the information should not be considered the result of US-CERT analysis. Software…
Mozilla has released a security update to address vulnerabilities in Thunderbird 102.9.1. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users…
CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2017-7494 Samba…
The Samba Team has released security updates addressing vulnerabilities in multiple versions of Samba. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users…
In today’s blog post, Associate Director of the Joint Cyber Defense Collaborative (JCDC) Clayton Romans highlighted recent successes of pre-ransomware notification and its impact in reducing harm from ransomware intrusions. With…
Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose…
