Our news
Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation
Fortinet has updated their security advisory addressing a critical FortiManager vulnerability (CVE-2024-47575) to include additional workarounds and indicators of compromise (IOCs). A remote, unauthenticated cyber threat actor could exploit this vulnerability to gain access to sensitive files or take control of an affected system. At this time, all patches have been released. CISA previously added this…
JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage
CISA, through the Joint Cyber Defense Collaborative (JCDC), enabled swift, coordinated response and information sharing in the wake of a significant IT outage caused by a CrowdStrike software update. This outage, which impacted government, critical infrastructure, and industry across the globe, led to disruptions in essential services, including air travel, healthcare, and financial operations. Leveraging…
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: iOS 18.1 and iPadOS 18.1 iOS 17.7.1 and iPadOS 17.7.1 macOS Sequoia 15.1…
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on October 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-303-01 Siemens InterMesh Subscriber Devices ICSA-24-303-02 Solar-Log Base 15 ICSA-24-303-03 Delta Electronics InfraSuite Device Master CISA encourages users and administrators to review newly released ICS advisories for technical details…
Siemens InterMesh Subscriber Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack…
Delta Electronics InfraSuite Device Master
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: InfraSuite Device Master Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of InfraSuite Device…
Solar-Log Base 15
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Solar-Log Equipment: Base 15 Vulnerability: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker obtaining unauthorized access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The…
Joint ODNI, FBI, and CISA Statement
Post Content