There are 849 posts tagged cybersecurity (this is page 55 of 85).
VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates:
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code.
The following Delta Electronics products are affected:
Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
CVE-2024-1941 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
Delta recommends users update to CNCSoft-B V 1.0.0.4 with Issue Date 2024-01-23 or later.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
Today, CISA and the following partners released joint Cybersecurity Advisory Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways:
The advisory describes cyber threat actor exploitation of multiple previously identified Connect Secure and Policy Secure vulnerabilities—namely CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893—which threat actors can exploit in a chain to bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. Additionally, the advisory describes two key CISA findings:
The advisory provides cyber defenders with detection methods and indicators of compromise (IOCs) as well as mitigation guidance to defend against this activity. Note: As exploitation is ongoing as of publication of this advisory, CISA will provide updates to the Additional Resources list below as they are made available.
CISA and its partners urge cyber defenders to review this advisory and consider the significant risk of cyber threat actor access to, and persistence on Connect Secure and Policy Secure gateways when determining whether to continue operating these devices in an enterprise environment.
Additional Resources
Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability
Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability
Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February, 2024.
Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county governments, emergency services, education, public healthcare, and critical infrastructure to successfully ransom several million in U.S. dollars.
CISA, the FBI, and MS-ISAC encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.
Today, CISA released a Resource Guide for Cybersecurity Clinics to outline ways CISA can partner with and support cybersecurity clinics and their clients.
University cybersecurity clinics train students from diverse backgrounds and academic expertise to strengthen the digital defenses of non-profits, hospitals, municipalities, small businesses, and other under-resourced organizations. They can help address the national cyber workforce gap by developing a talent pipeline for cyber civil defense and helping students see themselves in a cybersecurity career.
CISA encourages clinics to engage with CISA and leverage the CISA resources outlined in the guide. CISA also encourages more universities to consider starting their own cybersecurity clinics as they play an important role in strengthening the cybersecurity posture of small organizations at the local level.
