CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software


October 10, 2023

Fact sheet provides software security challenges and recommendations to improve security and risk management of OSS use at operational technology vendors and critical infrastructure facilities

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and U.S. Department of the Treasury published new guidance today on


Microsoft Releases October 2023 Security Updates


Citrix Releases Security Updates for Multiple Products


HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487


Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, was exploited in the wild from August 2023 through October 2023. CISA recommends that organizations that provide HTTP/2 services apply patches when available and consider configuration changes and other mitigations discussed in the references below. For


CISA Adds Five Known Vulnerabilities to Catalog


CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation:

  • CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability
  • CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
  • CVE-2023-41763 Microsoft Skype for Business Privilege Escalation Vulnerability
  • CVE-2023-36563 Microsoft WordPad Information Disclosure Vulnerability
  • CVE-2023-44487 HTTP/2 Rapid Reset Attack Vulnerability

These types of
