CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 Microsoft Windows Installer Privilege
Continue ReadingCategory: Dynamic Threat Feeds
Insights on Cyber Threats Targeting Users and Enterprises in Mexico
Written by: Aurora Blum, Kelli Vanderlee Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions
Continue ReadingMicrosoft September 2024 Patch Tuesday, (Tue, Sep 10th)
Today, Microsoft released its scheduled September set of patches. This update addresses 79 different vulnerabilities. Seven of these vulnerabilities are rated critical. Four vulnerabilities are already being exploited and have been made public. Noteworthy Vulnerabilities: CVE-2024-43491:
Continue ReadingIvanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control
Ivanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA
Continue ReadinginiNet Solutions SpiderControl SCADA Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: iniNet Solutions GmbH Equipment: SpiderControl SCADA Web Server Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of
Continue ReadingCISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisory on September 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-254-01 Viessmann Climate Solutions SE Vitogate 300 ICSA-24-254-02 iniNet Solutions
Continue ReadingViessmann Climate Solutions SE Vitogate 300
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Viessmann Climate Solutions SE Equipment: Vitogate 300 Vulnerabilities: Use of Hard-coded Credentials, Forced Browsing, Command Injection 2. RISK EVALUATION
Continue ReadingBPL Medical Technologies PWS-01-BT and BPL Be Well Android Application
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity/public exploits are available Vendor: BPL Medical Technologies Equipment: PWS-01-BT, Be Well Android App Vulnerability: Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation
Continue ReadingRockwell Automation SequenceManager
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: SequenceManager Vulnerabilities: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service
Continue ReadingCitrix Releases Security Updates for Citrix Workspace App for Windows
Citrix released security updates to address multiple vulnerabilities in the Citrix Workspace App for Windows. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and
Continue Reading