CISA has released a draft Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Architecture guidance document for public comment. The request for comment period is open until April 17, 2023.…
The Water Information Sharing and Analysis Center (WaterISAC) has released an advisory, Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA. ICS/OT/SCADA engineers and operators should assess the use of…
In light of recent bank failures, CISA warns consumers to beware of potential scams requesting your money or sensitive personal information. Exercise caution in handling emails with bank-related subject lines,…
SUMMARY From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian…
Today, CISA is announcing the creation of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA: Proactively identifies information systems—belonging to critical infrastructure entities—that contain vulnerabilities commonly…
Fortinet has released its March 2023 Vulnerability Advisories to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages…
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info dotnetnuke -- dotnetnuke The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the…
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info advantech -- webaccess A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess…
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info apache2triad -- apache2triad Session fixation vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack web sessions…
The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the…
