- Vulnerability in Fortinet FortiManager could allow remote code execution
  MS-ISAC NOTICE NUMBER: 2024-120
  ISSUE DATE(S): 10/23/2024
  PREVIEW: A vulnerability has been discovered in Fortinet FortiManager that could allow remote code execution. FortiManager is a network management and security tool that enables centralized management of Fortinet devices from a single console. Successful exploitation of the most severe of these vulnerabilities could allow remote code execution…
- CISA Issues Seven Advisories on Industrial Control Systems
  CISA released seven advisories on industrial control systems (ICS) on October 17, 2024. These advisories provide timely information on current security issues, vulnerabilities, and exploits regarding ICS. CISA encourages users and administrators to review recently published ICS advisories for technical details and mitigation measures.
- Vulnerability in Mozilla Firefox could allow execution of arbitrary code
  MS-ISAC NOTICE NUMBER: 2024-115
  ISSUE DATE(S): 10/10/2024
  PREVIEW: A vulnerability has been discovered in Mozilla Firefox that could allow arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Successful exploitation could allow execution of arbitrary code. Depending on the privileges associated with the user, an attacker could then install programs;…
- CISA adds three known exploited vulnerabilities to its catalog
  CISA has added three new vulnerabilities to its catalog of known exploited vulnerabilities, based on evidence of active exploitation.
  - CVE-2024-23113 Format string vulnerability of several Fortinet products
  - CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability
  - CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

  These types of vulnerabilities are frequent attack vectors for…
- Several vulnerabilities in Google Chrome could allow arbitrary code execution
  MS-ISAC NOTICE NUMBER: 2024-109
  ISSUE DATE(S): 02/10/2024
  PREVIEW: Several vulnerabilities have been discovered in Google Chrome, the most serious of which could allow the execution of arbitrary code. Successful exploitation of the most severe of these vulnerabilities could allow execution of arbitrary code in the context of the logged in user. Depending on the privileges…
- Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
  Summary: The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors use…
- CISA adds four known exploited vulnerabilities to its catalog
  CISA has added four new vulnerabilities to its catalog of known exploited vulnerabilities, based on evidence of active exploitation.
  - CVE-2023-25280 D-Link DIR-820 Router OS Command Injection Vulnerability
  - CVE-2020-15415 Vigor DrayTek Multiple Router OS Command Injection Vulnerability
  - CVE-2021-4043 GPAC Motion Spell Null Pointer Dereference Vulnerability
  - CVE-2019-0344 SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability

  These types…
- Several vulnerabilities in PHP could allow remote code execution
  MS-ISAC NOTICE NUMBER: 2024-106
  ISSUE DATE(S): 09/27/2024
  PREVIEW: Several vulnerabilities have been discovered in PHP, the most serious of which could allow remote code execution. PHP is a programming language originally designed for use in web applications with HTML content. Successful exploitation could enable remote code execution in the context of the affected service account.…
- CISA Adds Known Exploited Vulnerability to Its Catalog
  CISA has added a new vulnerability to its catalog of known exploited vulnerabilities, based on evidence of active exploitation.
  - CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

  These types of vulnerabilities are common attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reduce Significant…