Our news
-
CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet
Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats. Specifically, the playbook: Facilitates collaboration between federal agencies, private industry, international
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12686 BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability CVE-2024-48365 Qlik Sense HTTP Tunneling Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
-
CISA and US and International Partners Publish Guidance on Priority Considerations in Product Selection for OT Owners and Operators
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology
-
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-010-01 Schneider Electric PowerChute Serial Shutdown ICSA-25-010-02 Schneider Electric Harmony HMI and Pro-face HMI Products ICSA-25-010-03 Delta Electronics DRASimuCAD ICSA-24-345-06 Rockwell Automation Arena (Update A) CISA encourages users and
-
Schneider Electric Harmony HMI and Pro-face HMI Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Harmony HMI and Pro-face HMI Products Vulnerability: Use of Unmaintained Third-Party Components 2. RISK EVALUATION Successful exploitation of this vulnerability could cause complete control of the device when an authenticated user installs malicious code into HMI product 3.
-
Delta Electronics DRASimuCAD
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DRASimuCAD Vulnerabilities: Out-of-bounds Write, Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device or potentially allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of DRASimuCAD, a robotic simulation platform,
-
CISA Releases the Cybersecurity Performance Goals Adoption Report
Today, CISA released the Cybersecurity Performance Goals Adoption Report to highlight how adoption of Cybersecurity Performance Goals (CPGs) benefits our nation’s critical infrastructure sectors. Originally released in October 2022, CISA’s CPGs are voluntary practices that critical infrastructure owners can take to protect themselves against cyber threats. This report is based on analysis of 7,791 critical
-
Schneider Electric PowerChute Serial Shutdown
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: PowerChute Serial Shutdown Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL. 3. TECHNICAL DETAILS