CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-21608 Adobe Acrobat and Reader Use-After-Free Vulnerability; CVE-2023-20109 Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability; CVE-2023-41763 Microsoft Skype for Business Privilege…
Category: www.cisa.gov
Vulnerability Summary for the Week of October 2, 2023
High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). acronis — agent: Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.…
HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487
Researchers and vendors have disclosed a denial-of-service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability (CVE-2023-44487), known as Rapid Reset, has been exploited in the wild from August 2023 through October 2023. CISA recommends organizations that provide HTTP/2 services apply patches…
CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software
CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments
Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS). In alignment…
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on August 29, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-19-029-02 Mitsubishi Electric MELSEC-Q Series PLCs CISA (Update A). CISA encourages users and administrators…