-
VMware Releases Advisory for VMware Tools Vulnerabilities
VMware released a security advisory addressing multiple vulnerabilities (CVE-2023-34057, CVE-2023-34058) in VMware Tools. A cyber actor could exploit one of these vulnerabilities to take control of an affected system. CISA…
-
VMSA-2023-0023
Critical Advisory ID: VMSA-2023-0023 CVSSv3 Range: 4.3-9.8 Issue Date: 2023-10-25 Updated On: 2023-10-25 (Initial Advisory) CVE(s): CVE-2023-34048, CVE-2023-34056 Synopsis: VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities…
-
NVD – CVE-2023-41715
CVE-2023-41715 Detail Description SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. Severity…
-
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
SUMMARY The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response…
-
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
Today, as part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns: A Known to be Used in Ransomware Campaigns column in the…
-
#StopRansomware: AvosLocker Ransomware (Update) | CISA
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These…
-
A Vulnerability in Apple Products Could Allow for Privilege Escalation
Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing. (M1051: Update Software)o Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and…
-
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
SUMMARY In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the…
-
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
A plea for network defenders and software manufacturers to fix common problems. EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint…
