Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Rhysida Ransomware, to disseminate known Rhysida ransomware indicators of compromise (IOCs), detection methods, and tactics,…
Rilevate nuove vulnerabilità in alcuni prodotti Fortinet, di cui 2 con gravità “critica”. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-47246 SysAid Server Path Traversal Vulnerability CVE-2023-36844 Juniper Junos OS EX Series PHP External Variable Modification Vulnerability CVE-2023-36845 Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability…
Juniper Networks rilascia aggiornamenti di sicurezza per sanare vulnerabilità multiple nella componente J-Web di Junos OS. Lo sfruttamento combinato di tali vulnearbilità potrebbe permettere l’esecuzione di codice arbitrario sui dispositivi interessati. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
Today, CISA, the National Security Agency (NSA), and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry best practices and principles, including managing…
PostgreSQL Global Development Group ha rilasciato aggiornamenti di sicurezza per risolvere 3 vulnerabilità, di cui una con gravità “alta”, in PostgreSQL, noto DBMS open source. Source link Author: csirt@pec.acn.gov.it Article used for cyber security disclosure.
CISA released four Industrial Control Systems (ICS) advisories on November 9, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-313-01 Johnson Controls Quantum HD Unity ICSA-23-313-02 Hitachi Energy eSOMS ICSA-21-334-02 Mitsubishi Electric MELSEC and MELIPC Series (Update G)…
In riferimento al AL02/231023/CSIRT-ITA, al fine di contrastare gli attacchi volti allo sfruttamento della vulnerabilità CVE-2023-4966 (nota anche col nome di Citrix Bleed), lo CSIRT raccomanda a tutti i soggetti nazionali di procedere ad opportune verifiche e all’implementazione delle procedure di mitigazione. Source link Author:…
