CISA
-
Blog
CISA proposes new security requirements to protect govt, personal data
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing American’s personal data as well as government-related information. The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. government-related data, especially if the info is exposed to “countries of concern” or “covered persons.”…
Read More » -
Blog
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t require user interaction. As Fortinet…
Read More » -
Blog
CISA issues alert over two high-severity DrayTek vulnerabilities – here’s what you need to know
CISA has added three security flaws to its known exploited vulnerabilities (KEV) catalog, including two affecting DrayTek’s network equipment management software, VigorConnect. The third vulnerability added to the catalog affects Kingsoft’s popular WPS Office productivity suite. All three vulnerabilities were described as path traversal flaws, that allow attackers to read sensitive files they should not be able to access. The…
Read More » -
Blog
CISA warns critical SolarWinds RCE bug is exploited in attacks
Image: MidjourneyCISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds’ Web Help Desk solution for customer support. Web Help Desk (WHD) is IT help desk software widely used by large corporations, government agencies, and healthcare and education organizations worldwide to centralize, automate, and streamline help desk management tasks. Tracked as CVE-2024-28986, this Java deserialization…
Read More »