Cyber Security Advisories – MS-ISAC
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-10-02): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; […]
- A Vulnerability in Zimbra Collaboration Could Allow for Remote Code Execution (2024-10-02): A vulnerability has been discovered in Zimbra Collaboration which could allow for remote code execution. Zimbra is a collaborative software suite that includes an email server and a web client. Successful exploitation of this vulnerability could allow for remote code execution in the context of the Zimbra user. Depending on the privileges associated with the […]
- Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution (2024-10-01): Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Thunderbird is an email client. Successful exploitation of […]
- Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution (2024-09-27): Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with […]
- Multiple Vulnerabilities in Foxit PDF Reader and Editor Could Allow for Arbitrary Code Execution (2024-09-27): Multiple vulnerabilities have been discovered in Foxit PDF Reader and Editor, the most severe of which could result in arbitrary code execution. Foxit PDF Reader is a multilingual freemium PDF tool that can create, view, edit, digitally sign, and print PDF files. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install […]
- Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe produces software used for creating and publishing a wide variety of content, including graphics, photography, illustration, animation, multimedia, motion pictures, and print. Successful exploitation of the most severe of these vulnerabilities could allow […]
- Multiple Vulnerabilities in Ivanti Products Could Allow for Remote Code Execution (2024-09-26): Multiple vulnerabilities have been discovered in Ivanti products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Ivanti Cloud Service Appliance (CSA) is an Internet appliance that provides secure communication and functionality over the Internet. Ivanti Workspace Control (IWC) is a Windows desktop configuration and […]
Blog Feed – Center for Internet Security
- CIS Benchmarks Community Volunteer Spotlight: Rick Handley (2024-09-25): Learn about CIS Benchmarks Community Volunteer Rick Handley. Handley has been a Community Member for 10 years and has a background in Microsoft 365 security.
- CIS Controls Community Volunteer Spotlight: Shane Markley (2024-09-23): Members of the CIS Controls Community volunteer their expertise and time for the greater good of cybersecurity. Shane Markley shares how he plays his part.
- CIS Hardened Images: Reconciling Cloud Security and Services (2024-09-16): Don't want cloud security to limit performance or availability? Learn how we've been testing CIS Hardened Images with cloud services to support your needs!
- 8 Security Essentials for Managing Your Online Presence (2024-09-13)
- How to Integrate CSPM into Your Clients’ IaaS Strategy (2024-09-12): Want to protect your clients against breaches in the cloud? Learn how the CIS Hardened Images can help your clients take a comprehensive approach to CSPM.
- Building a Reasonable Cyber Defense Program (2024-09-11): Looking to build a reasonable cyber defense program? Here are seven policy elements you can incorporate into your program with the help of CIS SecureSuite®.
- CIS Benchmarks September 2024 Update (2024-09-10): Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for September 2024.
- The Chinese Communist Party (CCP): A Quest for Data Control (2024-08-14): We assess apps owned by the People’s Republic of China (PRC) and the potential threat posed to users. Does the PRC leverage these apps for data collection and influence operations?
- Top 10 Malware Q2 2024 (2024-08-09): Both ZPHP and DarkGate made their first appearance in the Top 10 Malware list for Q2 2024. Here's what else the CIS Cyber Threat Intelligence team observed.
- CIS Benchmarks August 2024 Update (2024-08-02): Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for August 2024.
ICS Advisories
- Subnet Solutions Inc. PowerSYSTEM Center (2024-10-03, CISA): 1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center. Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF). 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing […]
- TEM Opera Plus FM Family Transmitter (2024-10-03, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: TEM. Equipment: Opera Plus FM Family Transmitter. Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF). 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS. 3.1 […]
- Delta Electronics DIAEnergie (2024-10-03, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Delta Electronics. Equipment: DIAEnergie. Vulnerabilities: SQL Injection. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to retrieve records or cause a denial of service. 3. TECHNICAL DETAILS. 3.1 AFFECTED PRODUCTS. The following versions of Delta Electronics DIAEnergie, […]
- Optigo Networks ONS-S8 Spectra Aggregation Switch (2024-10-01, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Optigo Networks. Equipment: ONS-S8 Spectra Aggregation Switch. Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion'), Weak Authentication. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code […]
- Mitsubishi Electric MELSEC iQ-F FX5-OPC (2024-10-01, CISA): 1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: MELSEC iQ-F FX5-OPC. Vulnerability: NULL Pointer Dereference. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial-of-Service (DoS) condition on the product by getting a legitimate user to import a specially […]
- Atelmo Atemio AM 520 HD Full HD Satellite Receiver (2024-09-26, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 9.3. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available. Vendor: Atelmo. Equipment: Atemio AM 520 HD Full HD Satellite Receiver. Vulnerability: OS Command Injection. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an unauthorized attacker to execute system commands with elevated privileges. 3. TECHNICAL DETAILS. 3.1 […]
- goTenna Pro ATAK Plugin (2024-09-26, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 7.1. ATTENTION: Low attack complexity. Vendor: goTenna. Equipment: Pro ATAK Plugin. Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Weak Authentication, Insertion of Sensitive Information Into Sent Data, Observable […]
- Advantech ADAM-5630 (2024-09-26, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 8.5. ATTENTION: Low attack complexity. Vendor: Advantech. Equipment: ADAM-5630. Vulnerabilities: Use of Persistent Cookies Containing Sensitive Information. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to hijack a legitimate user's session, perform cross-site request forgery, or cause a denial-of-service condition. 3. TECHNICAL DETAILS. 3.1 […]
- goTenna Pro X and Pro X2 (2024-09-26, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 8.7. ATTENTION: Low attack complexity. Vendor: goTenna. Equipment: Pro series. Vulnerabilities: Weak Password Requirements, Insecure Storage of Sensitive Information, Missing Support for Integrity Check, Cleartext Transmission of Sensitive Information, Improper Restriction of Communication Channel to Intended Endpoints, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Weak Authentication, Insertion […]
- Advantech ADAM-5550 (2024-09-26, CISA): 1. EXECUTIVE SUMMARY. CVSS v4 8.7. ATTENTION: Low attack complexity. Vendor: Advantech. Equipment: ADAM-5550. Vulnerabilities: Weak Encoding for Password, Cross-site Scripting. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could allow a remote attacker to intercept the easily decodable credentials of a legitimate user to gain full access to the device and could […]
ISACA SmartBrief on Cybersecurity
- "Every director has at least 10 bad films in them." (2024-10-03): Robert Rodriguez, filmmaker. Hispanic Heritage Month is Sept. 15 to Oct. 15.
- Poll result: The current state of cybersecurity (2024-10-03): Sixty-six percent of respondents in ISACA's State of Cybersecurity report indicate their security roles are becoming more stressful.
- The current state of cybersecurity (2024-10-03): See how your answers compare to the responses of more than 1,800 cybersecurity professionals in ISACA’s new State of Cy
- Hackers expose TIAA client data (2024-10-03): TIAA has reported a data breach that occurred last year, exposing data on approximately 9,000 customers.
- Rural hospital CIO details AI, EHR standardization (2024-10-03): Artesia General Hospital, a rural hospital with 16 affiliated clinics in New Mexico, completed an on-site data center at the
- Survey reveals AI skills gap blamed on inadequate training (2024-10-03): With AI expected to transform 92% of IT roles, a Skillsoft survey finds that 74% of employees hold employers accountable for
- Experts: Complex recovery adding to cyberincident costs (2024-10-03): The average insurance claim cost related to a cyberincident increased to $636,000 in 2022 from $211,000 in 2019, says Alyssa
- Port strikes lead CIOs to value analytics, preparation (2024-10-03): Chief information officers have a unique perspective on how to manage supply chain disruptions brought on by the strike-relat
- Election system has robust security, top official says (2024-10-03): Jen Easterly, head of the US Cybersecurity and Infrastructure Security Agency, says that state-sponsored hackers will not be
- Continuous learning, culture among keys to success (2024-10-03): A recent webinar with ISACA member Alex Holden offers tips for selecting a path in the cybersecurity industry.