Category: Good news

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML Platform Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

Read More

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.     CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:   Security update available for Adobe Substance 3D Printer| APSB24-52 Security…

Read More

Today, CISA and the Federal Bureau of Investigation (FBI) released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) targeting and compromising accounts of Americans to stoke discord and undermine…

Read More

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known…

Read More

As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas,…

Read More

MS-ISAC ADVISORY NUMBER: 2024-110 DATE(S) ISSUED: 10/07/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of…

Read More

GitLab–GitLab  An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches. 2024-10-01 6.6 CVE-2023-3441cve@gitlab.comcve@gitlab.comcve@gitlab.comcve@gitlab.com  Kiteworks–OwnCloud  Cross site request forgery in Kiteworks OwnCloud allows an unauthenticated attacker to forge requests. If a request has…

Read More

We recommend the following actions be taken: * Apply appropriate updates provided by Zimbra to vulnerable systems immediately after appropriate testing. (**[M1051](https://attack.mitre.org/mitigations/M1051/): Update Software**)    * **Safeguard 7.1: Establish and Maintain a Vulnerability Management Process:** Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes…

Read More

CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol

Read More

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid…

Read More