Our news

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie,…

READ MORE →

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…

READ MORE →

Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid…

READ MORE →

Post Content

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-F FX5-OPC Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial-of-Service (DoS) condition on the product by getting a legitimate user to import a specially…

READ MORE →

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 – Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’), Weak Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code…

READ MORE →

CISA released two Industrial Control Systems (ICS) advisories on October 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch ICSA-24-275-02 Mitsubishi Electric MELSEC iQ-F FX5-OPC CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

READ MORE →

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its Vulnerability Disclosure Policy (VDP) Platform 2023 Annual Report, highlighting the service’s remarkable success in 2023, its second full year of operation. Throughout 2023, CISA focused on advocating for the increased agency adoption of the VDP Platform, supporting federal civilian executive branch (FCEB) agencies in identifying vulnerabilities…

READ MORE →

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability CVE-2020-15415 DrayTek Multiple Vigor Routers OS Command Injection Vulnerability CVE-2021-4043 Motion Spell GPAC Null Pointer Dereference Vulnerability CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors…

READ MORE →

Cisco released its September 2024 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication to address vulnerabilities in IOS and IOS XE. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the following and apply the necessary updates: …

READ MORE →