Our news

  • CISA and FBI Release Fact Sheet on Protecting Against Iranian Targeting of Accounts Associated with National Political Organizations

    Today, CISA and the Federal Bureau of Investigation (FBI) released joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations. This fact sheet provides information about threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) targeting and compromising accounts of Americans to stoke discord and undermine…

    READ MORE

  • Avoid Scams After Disaster Strikes

    As hurricanes and other natural disasters occur, CISA urges individuals to remain on alert for potential malicious cyber activity. Fraudulent emails and social media messages—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas,…

    READ MORE

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known…

    READ MORE

  • TEM Opera Plus FM Family Transmitter

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: TEM Equipment: Opera Plus FM Family Transmitter Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1…

    READ MORE

  • Subnet Solutions Inc. PowerSYSTEM Center

    View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing…

    READ MORE

  • CISA Releases Three Industrial Control Systems Advisories

    CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-277-01 TEM Opera Plus FM Family Transmitter ICSA-24-277-02 Subnet Solutions Inc. PowerSYSTEM Center ICSA-24-277-03 Delta Electronics DIAEnergie CISA encourages users and administrators to review newly released ICS advisories for…

    READ MORE

  • Delta Electronics DIAEnergie

    View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAEnergie,…

    READ MORE

  • CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…

    READ MORE

  • ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations

    Today, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC)—in partnership with CISA, U.S. government and international partners—released the guide Principles of Operational Technology Cybersecurity. This guidance provides critical information on how to create and maintain a safe, secure operational technology (OT) environment. The six principles outlined in this guide are intended to aid…

    READ MORE