Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-10-02): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; […]
- A Vulnerability in Zimbra Collaboration Could Allow for Remote Code Execution (2024-10-02): A vulnerability has been discovered in Zimbra Collaboration which could allow for remote code execution. Zimbra is a collaborative software suite that includes an email server and a web client. Successful exploitation of this vulnerability could allow for remote code execution in the context of the Zimbra user. Depending on the privileges associated with the […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2024-10-01): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of […]
- Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution (2024-09-27): Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with […]
- Multiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution (2024-09-27): Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe is software used for creating and publishing a wide variety of content, including graphics, photography, illustration, animation, multimedia, motion pictures, and print. Successful exploitation of the most severe of these vulnerabilities could allow […]
- Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet. Ivanti Workspace Control (IWC) is a Windows desktop configuration and […]
Blog Feed – Center for Internet Security
- CIS Benchmarks Community Volunteer Spotlight: Rick Handley (2024-09-25): Learn about CIS Benchmarks Community Volunteer Rick Handley. Handley has been a Community Member for 10 years and has a background in Microsoft 365 security.
- CIS Controls Community Volunteer Spotlight: Shane Markley (2024-09-23): Members of the CIS Controls Community volunteer their expertise and time for the greater good of cybersecurity. Shane Markley shares how he plays his part.
- CIS Hardened Images: Reconciling Cloud Security and Services (2024-09-16): Don't want cloud security to limit performance or availability? Learn how we've been testing CIS Hardened Images with cloud services to support your needs!
- 8 Security Essentials for Managing Your Online Presence (2024-09-13)
- How to Integrate CSPM into Your Clients' IaaS Strategy (2024-09-12): Want to protect your clients against breaches in the cloud? Learn how the CIS Hardened Images can help your clients take a comprehensive approach to CSPM.
- Building a Reasonable Cyber Defense Program (2024-09-11): Looking to build a reasonable cyber defense program? Here are seven policy elements you can incorporate into your program with the help of CIS SecureSuite®.
- CIS Benchmarks September 2024 Update (2024-09-10): Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for September 2024.
- The Chinese Communist Party (CCP): A Quest for Data Control (2024-08-14): We assess apps owned by the People's Republic of China (PRC) and the potential threat posed to users. Does the PRC leverage these apps for data collection and influence operations?
- Top 10 Malware Q2 2024 (2024-08-09): Both ZPHP and DarkGate made their first appearance in the Top 10 Malware list for Q2 2024. Here's what else the CIS Cyber Threat Intelligence team observed.
- CIS Benchmarks August 2024 Update (2024-08-02): Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for August 2024.
ICS Advisories
- Subnet Solutions Inc. PowerSYSTEM Center (2024-10-03, CISA): Executive summary: CVSS v3 7.5. Attention: exploitable remotely/low attack complexity. Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center. Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF). Risk evaluation: Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing […]
- TEM Opera Plus FM Family Transmitter (2024-10-03, CISA): Executive summary: CVSS v4 9.3. Attention: exploitable remotely/low attack complexity/public exploits are available. Vendor: TEM. Equipment: Opera Plus FM Family Transmitter. Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF). Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution. Technical details: […]
- Delta Electronics DIAEnergie (2024-10-03, CISA): Executive summary: CVSS v4 9.3. Attention: exploitable remotely/low attack complexity. Vendor: Delta Electronics. Equipment: DIAEnergie. Vulnerabilities: SQL Injection. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. Technical details, affected products: The following versions of Delta Electronics DIAEnergie, […]
- Optigo Networks ONS-S8 Spectra Aggregation Switch (2024-10-01, CISA): Executive summary: CVSS v4 9.3. Attention: exploitable remotely/low attack complexity. Vendor: Optigo Networks. Equipment: ONS-S8 - Spectra Aggregation Switch. Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Weak Authentication. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code […]
- Mitsubishi Electric MELSEC iQ-F FX5-OPC (2024-10-01, CISA): Executive summary: CVSS v3 7.5. Attention: exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: MELSEC iQ-F FX5-OPC. Vulnerability: NULL Pointer Dereference. Risk evaluation: Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial-of-Service (DoS) condition on the product by getting a legitimate user to import a specially […]
- Atelmo Atemio AM 520 HD Full HD Satellite Receiver (2024-09-26, CISA): Executive summary: CVSS v4 9.3. Attention: exploitable remotely/low attack complexity/public exploits are available. Vendor: Atelmo. Equipment: Atemio AM 520 HD Full HD Satellite Receiver. Vulnerability: OS Command Injection. Risk evaluation: Successful exploitation of this vulnerability could allow an unauthorized attacker to execute system commands with elevated privileges. Technical details: […]
- goTenna Pro ATAK Plugin (2024-09-26, CISA): Executive summary: CVSS v4 7.1. Attention: low attack complexity. Vendor: goTenna. Equipment: Pro ATAK Plugin. Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Weak Authentication, Insertion of Sensitive Information Into Sent Data, Observable […]
- Advantech ADAM-5630 (2024-09-26, CISA): Executive summary: CVSS v4 8.5. Attention: low attack complexity. Vendor: Advantech. Equipment: ADAM-5630. Vulnerabilities: Use of Persistent Cookies Containing Sensitive Information. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to hijack a legitimate user's session, perform cross-site request forgery, or cause a denial-of-service condition. Technical details: […]
- goTenna Pro X and Pro X2 (2024-09-26, CISA): Executive summary: CVSS v4 8.7. Attention: low attack complexity. Vendor: goTenna. Equipment: Pro series. Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information, Improper Restriction of Communication Channel to Intended Endpoints, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Weak Authentication, Insertion […]
- Advantech ADAM-5550 (2024-09-26, CISA): Executive summary: CVSS v4 8.7. Attention: low attack complexity. Vendor: Advantech. Equipment: ADAM-5550. Vulnerabilities: Weak Encoding for Password, Cross-site Scripting. Risk evaluation: Successful exploitation of these vulnerabilities could allow a remote attacker to intercept the easily decodable credentials of a legitimate user to gain full access to the device and could […]
ISACA SmartBrief on Cybersecurity
- AI data bottlenecks no match for synthetic data (2024-10-04): Synthetic data is emerging as a powerful solution to several critical bottlenecks in AI development and deployment, writes Al -More-
- Who Said It? "Show up, show up, show up, and after a while the muse shows up, too. If she doesn't show up invited, eventually she just shows up." (2024-10-04): Isabel Allende or Maggie Smith?
- UK companies seek talent with basic computer skills (2024-10-04): UK prioritizes basic technical skills over AI expertise, with research by Indeed showing that only a small percentage of job -More-
- The hot data center market isn't without challenges (2024-10-04): The data center market is experiencing rapid growth, with projections indicating its value will surpass $340 billion in 2024 -More-
- Data-minimization requirements in Md. are catching on (2024-10-04): Coraleine Kitt of the Flaster Greenberg law firm updates state data privacy laws, which now number 19. -More-
- How the HHS cybersecurity office can help after an attack (2024-10-04): The HHS Administration for Strategic Preparedness and Response can help hospitals and health systems in the aftermath of a cy -More-
- CISO role still popular despite pressure, responsibility (2024-10-04): Derek Vadala, the chief risk officer at Bitsight, discusses the 2019 SolarWinds case and its repercussions for CISOs, noting -More-
- Hackers target security vulnerabilities in the C-suite (2024-10-04): New research highlights that C-suite executives are increasingly targeted by cyberattacks, with most US-based senior executiv -More-
- Justice Dept. boosts effort to fight cybercrime (2024-10-04): The Justice Department's Computer Crime and Intellectual Property Section has introduced its new "Strategic Approach to Count -More-