CISA Archives - Page 14 of 26

Pierluigi Paganini October 14, 2023

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

CISA warns organizations of vulnerabilities and misconfigurations that are known to be exploited in ransomware operations. The US cybersecurity agency CISA is sharing knowledge about vulnerabilities and misconfigurations exploited in ransomware attacks. The initiative is part of its Ransomware Vulnerability Warning Pilot (RVWP) program which launched this year. The US Agency is sharing this information […]

Pierluigi Paganini October 05, 2023

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

The U.S. CISA added JetBrains TeamCity and Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the JetBrains TeamCity flaw CVE-2023-42793 (CVSS score: 9.8) and Windows bug CVE-2023-28229 (CVSS score: 7.0) to its Known Exploited Vulnerabilities Catalog. Below are the descriptions of the two vulnerabilities: According to Binding Operational Directive […]

Pierluigi Paganini September 29, 2023

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, […]

Pierluigi Paganini September 22, 2023

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

US CISA added the flaw CVE-2023-41179 in Trend Micro Apex and other security products to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the high-severity flaw CVE-2023-41179 (CVSS score 7.2) affecting Trend Micro Apex One and Worry-Free Business Security to its Known Exploited Vulnerabilities Catalog. Trend Micro this week has released security updates to patch […]

Pierluigi Paganini September 06, 2023

MITRE and CISA release Caldera for OT attack emulation

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber […]

Pierluigi Paganini August 31, 2023

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Russia-linked threat actors have been targeting Android devices of the Ukrainian military with a new malware dubbed Infamous Chisel. GCHQ’s National Cyber Security Centre and international partners reported that Russia-linked threat actors are using a new malware to target the Ukrainian military Government experts attribute the attack to the Russian military intelligence service the GRU. […]

Pierluigi Paganini August 16, 2023

CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog

US CISA added critical vulnerability CVE-2023-24489 in Citrix ShareFile to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added critical flaw CVE-2023-24489 (CVSS score 9.8) affecting Citrix ShareFile to its Known Exploited Vulnerabilities Catalog. Citrix ShareFile is a secure file sharing and storage platform designed for businesses and professionals to collaborate on documents, exchange […]

Pierluigi Paganini August 10, 2023

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor, named Whirlpool, that was employed in attacks targeting Barracuda ESG devices. At the end of May, the network security solutions provider Barracuda warned […]

Pierluigi Paganini August 10, 2023

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited to trigger a denial-of-service (DoS) condition, […]

Pierluigi Paganini August 04, 2023

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022. The […]

CISA

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

MITRE and CISA release Caldera for OT attack emulation

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

CISA adds flaw in Citrix ShareFile to its Known Exploited Vulnerabilities catalog

CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

McLaren Health Care data breach impacted over 743,000 people

American steel giant Nucor confirms data breach in May attack

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

Qilin ransomware gang now offers a "Call Lawyer" feature to pressure victims

QUICK LINKS

CISA

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!