CIS Security Advisories
CIS Security News
CISA News
ISACA SmartBrief
Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2025-02-12Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; […]
- Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution 2025-02-12Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure […]
- Critical Patches Issued for Microsoft Products, February 11, 2025 2025-02-11Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution 2025-02-11Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
- A Vulnerability in Trimble Cityworks Could Allow for Remote Code Execution 2025-02-06A vulnerability has been discovered in Trimble Cityworks that could allow for remote code execution. Trimble Cityworks is a system that helps manage the lifecycle of assets for public infrastructure. It uses GIS (geographic information systems) to help with tasks such as permitting, licensing, construction, maintenance, and replacement. Successful exploitation of the of this vulnerability […]
- Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation 2025-02-04Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for privilege escalation. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for privilege escalation in the […]
- Multiple Vulnerabilities in SimpleHelp RMM Could Allow for Arbitrary Code Execution 2025-01-30Multiple vulnerabilities have been discovered in SimpleHelp RMM that could allow for arbitrary code execution. SimpleHelp is a popular remote access software. Successful exploitation of the most severe of these vulnerabilities when chained together could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an […]
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution 2025-01-28Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution 2025-01-27Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on […]
- A Vulnerability in SonicWall Secure Mobile Access (SMA) 1000 Series Appliances Could Allow for Remote Code Execution 2025-01-27A vulnerability has been discovered in SonicWall Secure Mobile Access (SMA) 1000 Series Appliances which could allow for remote code execution. SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. Successful exploitation of this vulnerability could allow for remote code execution. Depending […]
Blog Feed – Center for Internet Security
- CIS Benchmarks January 2025 Update 2025-01-14Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for January 2025.
- Top 5 Weakest Security Configurations and How to Fix Them 2025-01-02In H2 2024, the CIS CTI team found weak security configurations through passive scans of customers' external networks. Here's how to stay secure.
- CIS Benchmarks December 2024 Update 2024-12-10Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for December 2024.
- Lynx Ransomware Pouncing on Utilities 2024-12-10The Lynx ransomware group targeted multiple U.S. facilities in 2024. Here's how your facility can strengthen your defenses against threats like Lynx.
- 2024 General Election Incident Reporting Wrap-up 2024-12-10The CIS CTI team responded to member incident reports and monitored reporting trends around the 2024 General Election. Here's what the team observed.
- 12 CIS Experts' Cybersecurity Predictions for 2025 2024-12-05We spoke to a dozen experts at the Center for Internet Security® (CIS®) about their cybersecurity predictions for 2025. Here's what they had to say.
- The Ongoing Evolution of the CIS Critical Security Controls 2024-11-26For decades, enterprises around the world have used the CIS Critical Security Controls to grow their cyber defenses. Learn how they continue to evolve.
- CIS Benchmarks November 2024 Update 2024-11-07Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for November 2024.
- Top 10 Malware Q3 2024 2024-10-25In Q3 2024, the Top 10 Malware observed via the monitoring services of the MS-ISAC® changed moderately from the previous quarter. See what's new.
- CIS Benchmarks October 2024 Update 2024-10-07Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for October 2024.
ICS Advisories
- Siemens SIMATIC IPC DiagBase and SIMATIC IPC DiagMonitor 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Exploitable locally Vendor: […]CISA
- Siemens APOGEE PXC and TALON TC Series 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack […]CISA
- mySCADA myPRO Manager 2025-02-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Manager Vulnerabilities: OS Command Injection, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary OS commands, upload files, […]CISA
- Siemens SIPROTEC 5 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity […]CISA
- Siemens SIMATIC 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack […]CISA
- Outback Power Mojave Inverter 2025-02-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Outback Power Equipment: Mojave Inverter Vulnerabilities: Use of GET Request Method With Sensitive Query Strings, Exposure of Sensitive Information to an Unauthorized Actor, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive data […]CISA
- ORing IAP-420 2025-02-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ORing Equipment: IAP-20 Vulnerabilities: Cross-site Scripting, Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to invoke commands to compromise the device via the management interface. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]CISA
- Siemens OpenV2G 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity […]CISA
- Siemens SIMATIC S7-1200 CPU Family 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack […]CISA
- Siemens Teamcenter 2025-02-13As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack […]CISA
ISACA SmartBrief on Cybersecurity
- SmartBrief closed Feb. 17 2025-02-14In observance of Presidents Day, SmartBrief will be closed on Monday, Feb. 17.
- Who Said It? Never give up, for that is just the place and time that the tide will turn. 2025-02-14Harriet Beecher Stowe or Mae Jemison Check your answer here.
- IoT data breach exposes 2.7B records tied to Mars Hydro 2025-02-14A data breach has exposed 2.7 billion records, including sensitive information such as Wi-Fi passwords and IP addresses. -More-
- AI adoption reshapes business liability landscape 2025-02-14The integration of AI in business operations introduces unique liability risks, such as algorithm errors and data privacy con -More-
- How CISOs, boards differ on cybersecurity priorities 2025-02-14A Splunk report delves into the differing views between chief information security officers and boards on cybersecurity prior -More-
- Agencies warn against buffer overflow vulnerabilities 2025-02-14The Cybersecurity and Infrastructure Security Agency and FBI have issued a joint advisory warning software developers against -More-
- Microsoft: Sandworm subgroup targets US, UK, Australia 2025-02-14A subgroup of Russia's Sandworm, tracked as Seashell Blizzard, has targeted organizations in the US, UK, Canada and Australia -More-
- Report: Ransomware gangs adapt with evasion tactics 2025-02-14Ransomware gangs are using more sophisticated tactics to counter stronger enterprise defenses and increased law enforcement, -More-
- AI in cybersecurity requires careful consideration 2025-02-14AI is transforming health care by enhancing security measures and improving operational efficiency. -More-




