Category: Good news

Oracle released its quarterly Critical Patch Update Advisory for October 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Oracle Critical Patch Update Advisory and apply the necessary updates:  Source link…

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…

A WP Life–Contact Form Widget  Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Contact Form Widget allows Cross Site Request Forgery.This issue affects Contact Form Widget: from n/a through 1.4.2. 2024-10-17 5.4 CVE-2024-48037 audit@patchstack.com  acronis — cyber_files  Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build…

MS-ISAC ADVISORY NUMBER: 2024-117 DATE(S) ISSUED: 10/15/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. SYSTEMS AFFECTED: Autonomous Health Framework, versions prior to 24.9 GoldenGate Stream Analytics, versions 19.1.0.0.0-19.1.0.0.9 Management Cloud Engine, version 24.1.0.0.0 MySQL Client, versions 8.0.39 and prior, 8.4.2 and prior,…

MS-ISAC ADVISORY NUMBER: 2024-119 DATE(S) ISSUED: 10/18/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft Edge (Chromium-based), the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges…

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known…

CISA released seven Industrial Control Systems (ICS) advisories on October 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security bad practices for software manufacturers who produce software in support of critical infrastructure…

Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials (SBOM) Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to advance and refine SBOM and ultimately promote adoption. This resource serves as the detailed foundation of SBOM,…

Today, CISA—with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and international partners—released joint Cybersecurity Advisory Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure. This advisory provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical…