Read more about the article IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

  • Post author:
  • Post category:

SUMMARY The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD)—hereafter referred to as "the authoring agencies"—are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary

Continue ReadingIRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
Read more about the article Apple Releases Security Updates for Multiple Products

Apple Releases Security Updates for Multiple Products

  • Post author:
  • Post category:

Apple has released security updates to address vulnerabilities within Safari, macOS Sonoma, iOS, and iPadOS. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates: Safari 17.1.2 macOS Sonoma 14.1.2 iOS 17.1.2 and iPad

Continue ReadingApple Releases Security Updates for Multiple Products
Read more about the article CISA Removes One Known Exploited Vulnerability From Catalog

CISA Removes One Known Exploited Vulnerability From Catalog

  • Post author:
  • Post category:

CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it: CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited

Continue ReadingCISA Removes One Known Exploited Vulnerability From Catalog
Read more about the article Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems

Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems

  • Post author:
  • Post category:

CISA has assisted a researcher with coordinating the disclosure of multiple researcher-discovered vulnerabilities affecting web-based case and document management systems used by multiple state, county, and municipal courts. Affected systems include products from Tyler Technologies and Catalis and custom software used by specific counties in Florida. In summary, the vulnerabilities allow an unauthenticated, remote attacker

Continue ReadingMultiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems
Read more about the article CISA Releases Four Industrial Control Systems Advisories

CISA Releases Four Industrial Control Systems Advisories

  • Post author:
  • Post category:

CISA released four Industrial Control Systems (ICS) advisories on November 30, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-334-01 Delta Electronics DOPSoft ICSA-23-334-02 Yokogawa STARDOM ICSA-23-334-03 PTC KEPServerEx ICSA-23-334-04 Mitsubishi Electric FA Engineering Software Products CISA encourages users and administrators to review the newly released ICS advisories

Continue ReadingCISA Releases Four Industrial Control Systems Advisories