Read more about the article CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Adds Five Known Exploited Vulnerabilities to Catalog

  • Post author:
  • Post category:

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-27348 Apache HugeGraph-Server Improper Access Control Vulnerability CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability CVE-2019-1069 Microsoft Windows Task Scheduler Privilege Escalation Vulnerability CVE-2022-21445 Oracle JDeveloper Remote Code Execution Vulnerability CVE-2020-14644 Oracle WebLogic Server Remote Code Execution

Continue ReadingCISA Adds Five Known Exploited Vulnerabilities to Catalog
Read more about the article Apple Releases Security Updates for Multiple Products

Apple Releases Security Updates for Multiple Products

  • Post author:
  • Post category:

An official website of the United States government Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure

Continue ReadingApple Releases Security Updates for Multiple Products
Read more about the article CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog

  • Post author:
  • Post category:

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability CVE-2013-0648 Adobe Flash Player Code Execution Vulnerability CVE-2014-0502 Adobe Flash Player Double Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors

Continue ReadingCISA Adds Four Known Exploited Vulnerabilities to Catalog
Read more about the article CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not

Continue ReadingCISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Read more about the article CISA Releases Three Industrial Control Systems Advisories

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices ICSA-24-261-02 Millbeck Communications Proroute H685t-w ICSA-24-261-03 Yokogawa Dual-redundant Platform for Computer (PC2CKM) CISA encourages users and administrators to review newly released ICS advisories

Continue ReadingCISA Releases Three Industrial Control Systems Advisories