Category: Good news
We recommend the following actions be taken:

- Apply appropriate updates provided by Zimbra to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**)
- **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes…
CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations | CISA
- by nlqip
Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities…
CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

- CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability
- CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
- CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability
- CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

These types of vulnerabilities are frequent attack vectors…
- Synology–Synology Drive Client | Insertion of sensitive information into log file vulnerability in proxy settings component in Synology Drive Client before 3.3.0-15082 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2024-09-26 | 6.5 | CVE-2022-49037 | security@synology.com
- Synology–Synology Drive Client | Out-of-bounds write vulnerability in backup task management functionality in Synology Drive Client before 3.4.0-15721 allows local…
Multiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution
- by nlqip
MS-ISAC ADVISORY NUMBER: 2024-105

DATE(S) ISSUED: 09/27/2024

OVERVIEW: Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful exploitation of the most…
Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply the necessary updates: …