Tag archive for Cisa - page 3

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.  CVE-2024-50623 Cleo Multiple Products Unrestricted File Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding…

Continue reading →

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

Continue reading →

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems (ICS) advisories on December 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software ICSA-24-340-02 Planet Technology Planet WGS-804HPT CISA encourages users and administrators to review newly…

Continue reading →

Cisco Releases Security Updates for NX-OS Software

Cisco released security updates to address a vulnerability in Cisco NX-OS software. A cyber threat actor could exploit this vulnerability to take control of an affected system.  CISA encourages users and administrators to review the following advisory and apply the necessary updates: Cisco NX-OS Software…

Continue reading →

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners that provided recommendations in this alert include: The Canadian Centre for Cyber Security (CCCS)….

Continue reading →

CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers

Today, CISA—in partnership with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners—released joint guidance, Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Partners of this guidance include:  Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC)  Canadian Centre for…

Continue reading →

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely…

Continue reading →

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures…

Continue reading →

Page 3 of 56 1 2 3 4 5 ... Last →