Latest Alerts – Page 7

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth

EXECUTIVE SUMMARY In early 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a SILENTSHIELD red team assessment against a Federal Civilian Executive Branch (FCEB) organization. During SILENTSHIELD assessments, the…

Comments Off

July 12, 2024

Current Activity

CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities

Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS…

Comments Off

July 11, 2024

Current Activity

CISA and Partners join ASD’S ACSC to Release Advisory on PRC State-Sponsored Group, APT 40

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) to release an advisory, People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in…

Comments Off

July 9, 2024

Alerts

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security…

Comments Off

July 9, 2024

Bulletins

Vulnerability Summary for the Week of July 1, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info 2code -- wpqa_builder The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some…

Comments Off

July 8, 2024

Bulletins

Vulnerability Summary for the Week of June 24, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info access_management_specialist_project -- access_management_specialist An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows…

Comments Off

July 1, 2024

Current Activity

Progress Software Releases Security Bulletin for MOVEit Transfer

Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and…

Comments Off

June 29, 2024

Bulletins

Vulnerability Summary for the Week of June 17, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info 3uu--Shariff Wrapper The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up…

Comments Off

June 24, 2024

Current Activity

CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs)

Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized…

Comments Off

June 21, 2024

Bulletins

Vulnerability Summary for the Week of June 10, 2024

High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info actpro -- extra_product_options_for_woocommerce Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product…

Comments Off

June 18, 2024