CISA Releases Guidance for Addressing Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-4966, Citrix Bleed

Today, CISA, in response to active, targeted exploitation, released guidance for addressing Citrix NetScaler ADC and Gateway vulnerability CVE-2023-4966. The vulnerability, also known as Citrix Bleed, could allow a cyber actor to take control of an affected system. CISA recommends organizations patch unmitigated appliances, hunt for any malicious activity, and report any positive findings to

FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents

Today, the Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the joint guide Planning Considerations for Cyber Incidents: Guidance for Emergency Managers to provide state, local, tribal, and territorial (SLTT) emergency managers with foundational knowledge of cyber incidents to increase cyber preparedness efforts in their jurisdictions. Emergency managers should

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-22518 Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click

CISA Releases One Industrial Control Systems Advisory

CISA released one Industrial Control Systems (ICS) advisory on November 7, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

  • ICSA-23-311-01 GE MiCOM S1 Agile

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations.

ICS Advisory: GE MiCOM S1 Agile

1. EXECUTIVE SUMMARY

  • CVSS v3 5.3
  • ATTENTION: Low attack complexity
  • Vendor: General Electric
  • Equipment: MiCOM S1 Agile
  • Vulnerability: Uncontrolled Search Path Element

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to upload malicious files and achieve code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of General
