Dynamic Threat Feeds - Cyber GRC Hive

CISA Adds One Known Exploited Vulnerability to Catalog

February 21, 2025 Anowar Hossain Rana

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber

ISC Stormcast For Friday, February 21st, 2025 https://isc.sans.edu/podcastdetail/9334, (Fri, Feb 21st)

February 21, 2025 Anowar Hossain Rana

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Tool update: sigs.py – added check mode, (Fri, Feb 21st)

February 21, 2025 Anowar Hossain Rana

Over the years, I've written a number of scripts to make my life easier. One of those tools was sigs.py (which was a rewrite of an old perl script sigs.pl) to hash files. I wanted something

CISA Adds Two Known Exploited Vulnerabilities to Catalog

February 20, 2025 Anowar Hossain Rana

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-23209 Craft CMS Code Injection Vulnerability CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability These types of vulnerabilities are frequent attack

CISA Releases Eight Industrial Control Systems Advisories

February 20, 2025 Anowar Hossain Rana

CISA released eight Industrial Control Systems (ICS) advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-051-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series ICSA-25-051-02 ABB FLXEON

Rapid Response Monitoring My Security Account App

February 20, 2025 Anowar Hossain Rana

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability

Siemens SiPass Integrated

February 20, 2025 Anowar Hossain Rana

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories

Carrier Block Load

February 20, 2025 Anowar Hossain Rana

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor

Elseta Vinci Protocol Analyzer

February 20, 2025 Anowar Hossain Rana

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION

Medixant RadiAnt DICOM Viewer

February 20, 2025 Anowar Hossain Rana

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform

Category: Dynamic Threat Feeds

CISA Adds One Known Exploited Vulnerability to Catalog

ISC Stormcast For Friday, February 21st, 2025 https://isc.sans.edu/podcastdetail/9334, (Fri, Feb 21st)

Tool update: sigs.py – added check mode, (Fri, Feb 21st)

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Releases Eight Industrial Control Systems Advisories

Rapid Response Monitoring My Security Account App

Siemens SiPass Integrated

Carrier Block Load

Elseta Vinci Protocol Analyzer

Medixant RadiAnt DICOM Viewer

Need Cybersecurity & GRC Services?

Company

Contact Us

Need Cybersecurity & GRC Services?

Company

Contact Us

Get A Quote