CISA released four Industrial Control Systems (ICS) advisories on July 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-205-01 National Instruments IO Trace ICSA-24-205-02 Hitachi Energy AFS/AFR Series
Continue ReadingMonth: July 2024
National Instruments IO Trace
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: IO Trace Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to
Continue ReadingNational Instruments LabVIEW
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation
Continue ReadingCISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792 Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 Twilio Authy Information Disclosure Vulnerability These types of vulnerabilities are frequent attack
Continue ReadingHitachi Energy AFS/AFR Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK
Continue ReadingISC Stormcast For Tuesday, July 23rd, 2024 https://isc.sans.edu/podcastdetail/9064, (Tue, Jul 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCrowdStrike: The Monday After, (Mon, Jul 22nd)
Last Friday, after Crowdstrike released a bad sensor configuration update that caused widespread crashes of Windows systems. The most visible effects of these crashes appear to have been mitigated. I am sure many IT workers had
Continue ReadingISC Stormcast For Monday, July 22nd, 2024 https://isc.sans.edu/podcastdetail/9062, (Mon, Jul 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWidespread IT Outage Due to CrowdStrike Update
Note: CISA will update this Alert with more information as it becomes available. As of 1130am EDT July 19, 2024: CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with
Continue ReadingWidespread Windows Crashes Due to Crowdstrike Updates, (Fri, Jul 19th)
Last night, endpoint security company Crowdstrike released an update that is causing widespread "blue screens of death" (BSOD) on Windows systems. Crowdstrike released an advisory, which is only available after logging into the Crowdstrike support platform.
Continue Reading