Category: Uncategorized
CISA Announces Secure by Design Commitments from Leading Technology Providers
CISA Unveils New Public Service Announcement – We Can Secure Our World
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on May 07, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-24-128-01 PTC Codebeamer
ICSA-24-128-02 SUBNET Substation Server
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
PTC Codebeamer
1. EXECUTIVE SUMMARY
CVSS v4 5.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: PTC
Equipment: Codebeamer
Vulnerability: Cross-site Scripting
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject malicious code in the application.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of PTC Codebeamer, an application lifecycle management…
SUBNET Substation Server
1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Low attack complexity
Vendor: Subnet Solutions Inc.
Equipment: Substation Server
Vulnerabilities: Reliance on Insufficiently Trustworthy Component
2. RISK EVALUATION
Successful exploitation of the vulnerabilities in components used by Substation Server could allow privilege escalation, denial-of-service, or arbitrary code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
SUBNET…
Identity Threat and Incident Response Solutions: Why now, and how
Market Drivers
Cloud Adoption
In 2023, 98% of organizations surveyed by the Identity Defined Security Alliance responded that they had witnessed an increase in the number of identities they needed to manage, and 78% of executives responded that their organizations had adopted cloud in most, if not all, parts of their business. Both markers can be indicative…
DHS, CISA Announce Membership Changes to the Cyber Safety Review Board
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare…
Delta Electronics DIAEnergie
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: DIAEnergie
Vulnerabilities: SQL Injection, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system…
CISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-24-123-01 CyberPower PowerPanel
ICSA-24-123-02 Delta Electronics DIAEnergie
ICSA-24-067-01 Chirp Systems Chirp Access (Update C)
CISA encourages users and administrators to review the newly released ICS advisories for technical details…