Category: Good news

CISA released two Industrial Control Systems (ICS) advisories on July 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol

Read More

The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  CVE-2024-4076: Assertion failure…

Read More

MS-ISAC ADVISORY NUMBER: 2024-084 DATE(S) ISSUED: 07/23/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…

Read More

CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol

Read More

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing…

Read More

MS-ISAC ADVISORY NUMBER: 2024-083 DATE(S) ISSUED: 07/22/2024 OVERVIEW: A vulnerability has been discovered in Cisco Secure Email Gateway that could allow for remote code execution. Cisco Secure Email Gateway is an email security product that uses signature analysis and machine learning to identify and block malicious emails before they reach recipients inboxes. Successful exploitation could…

Read More

AcademySoftwareFoundation–OpenImageIO  OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input functionality of OpenImageIO. Specifically, in `HeifInput::seek_subimage()`.…

Read More

Note: CISA will update this Alert with more information as it becomes available. As of 1130am EDT July 19, 2024:  CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with Crowdstrike and federal, state, local, tribal and territorial (SLTT) partners,…

Read More

MS-ISAC ADVISORY NUMBER: 2024-082 DATE(S) ISSUED: 07/18/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. SYSTEMS AFFECTED: JD Edwards EnterpriseOne Orchestrator, versions prior to 9.2.8.3 JD Edwards EnterpriseOne Tools, versions prior to 9.2.8.2 JD Edwards World Security, version A9.4 Management Pack for Oracle…

Read More

Ivanti released security updates to address vulnerabilities in Ivanti Endpoint Manager (EPM) and Ivanti Endpoint Manager for Mobile (EPMM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates: Source link lol

Read More