CISA Adds One Known Exploited Vulnerability to Catalog

  • Post author:
  • Post category:

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-15133 Laravel Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited

Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog

CISA Releases Two Industrial Control Systems Advisories

  • Post author:
  • Post category:

CISA released two Industrial Control Systems (ICS) advisories on January 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-016-01 SEW-EURODRIVE MOVITOOLS MotionStudio  ICSA-24-016-02 Integration Objects OPC UA Server Toolkit CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

Continue ReadingCISA Releases Two Industrial Control Systems Advisories

ICS Advisory: Integration Objects OPC UA Server Toolkit

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Integration Objects Equipment: OPC UA Server Toolkit Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to add content to the log file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following

Continue ReadingICS Advisory: Integration Objects OPC UA Server Toolkit

ICS Advisory: SEW-EURODRIVE MOVITOOLS MotionStudio

  • Post author:
  • Post category:

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to file information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MOVITOOLS MotionStudio are affected:

Continue ReadingICS Advisory: SEW-EURODRIVE MOVITOOLS MotionStudio

CISA and FBI Release Known IOCs Associated with Androxgh0st Malware

  • Post author:
  • Post category:

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors deploying Androxgh0st malware. Androxgh0st malware establishes a botnet for victim identification and exploitation in vulnerable

Continue ReadingCISA and FBI Release Known IOCs Associated with Androxgh0st Malware