Category: Good news

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive rhttps://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-systemequires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and…

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.  Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed…

Apply the stable channel update provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.o…

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following and apply the necessary updates:   Source link lol

Adobe has released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Adobe Security Bulletins and apply the necessary updates:   Source link lol

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates:  FR-IR-23-345 FortiClientMac – Lack of configuration file validation FG-IR-23-493 FortiOS…

Fortinet released security updates to address vulnerabilities in multiple products, including OS and FortiProxy. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates:    FR-IR-23-345 FortiClientMac – Lack of configuration file validation FG-IR-23-493…

CISA released one Industrial Control Systems (ICS) advisory on April 9, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations. Source link lol

alsendo_sp._z_o._o. — apaczka  Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4. 2024-04-04 not yet calculated CVE-2024-2759cvd@cert.plcvd@cert.pl amphp — amphp/http-client  amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it…

MS-ISAC ADVISORY NUMBER: 2024-034 DATE(S) ISSUED: 04/05/2024 OVERVIEW: A vulnerability has been discovered in Broadcom Brocade Fabric OS that could allow for arbitrary code execution. Broadcom Brocade Fabric OS is the storage area networking firmware for Brocade Communications Systems’ Fibre Channel switch and Fibre Channel directors. Successful exploitation of this vulnerability could allow for arbitrary…