CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide

October 16, 2023, WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), along with 17 U.S. and international partners, published an update to “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software” that includes further detail on key principles, guidance, and is co-sealed by eight additional international cybersecurity agencies. CISA Director

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-20198 Cisco IOS XE Web UI Privilege Escalation Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on

Cisco Releases Security Advisory for IOS XE Software Web UI

Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the Cisco security advisory, apply the necessary recommendations, hunt for any malicious activity and report any positive

CISA, FBI, and MS-ISAC Release Joint Advisory on Atlassian Confluence Vulnerability CVE-2023-22515

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This critical vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious threat actors to obtain initial access to Confluence instances

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

SUMMARY

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515. This recently disclosed vulnerability affects certain versions of Atlassian Confluence Data Center and Server, enabling malicious cyber threat actors
