Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...
The Known Exploited Vulnerabilities catalog, or KEV for short, contains security issues that have been actively exploited in the wild. CISA has given federal agencies until January 29 to patch the six actively exploited flaws or stop using the vulnerable products.
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog: a recently patched flaw in Google Chrome and a bug affecting Spreadsheet::ParseExcel, an open-source Perl library for reading information in an Excel file. The first issue that CISA added to its Known Exploited Vulnerabilities catalog is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be...
Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords. "This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation," CISA said, by taking "Ownership of customer security outcomes" and building "Organizational structure and leadership to achieve these goals."
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service has been targeting unpatched TeamCity servers in widespread attacks since September 2023. Security researchers at nonprofit internet security outfit Shadowserver Foundation are tracking almost 800 unpatched TeamCity servers that are vulnerable to attacks.
A security vulnerability that was previously added to CISA's Known Exploited Vulnerabilities catalog, recognized by CVE Numbering Authorities, and included in reputable threat reports is now being formally rejected by infosec organizations. CISA removed CVE-2022-28958 from its KEV on December 1, two days after the National Vulnerability Database revoked its "Vulnerability" status following a months-long review.
Unknown attackers have leveraged a critical vulnerability in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency has shared. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was "aware that CVE-2023-26360 has been exploited in the wild in very limited attacks".
CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. In a Tuesday advisory, CISA revealed the federal civilian executive branch agency in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA's deadline.
News that Iran-affiliated attackers have taken over a programmable logic controller at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. "The cyber threat actors likely accessed the affected device - a Unitronics Vision Series PLC with a Human Machine Interface - by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet," the Cybersecurity and Infrastructure Security Agency noted. Finally, CISA says, organizations should back up the logic and configurations on any Unitronics PLCs, so that "in the event of being hit by ransomware", they can quickly reset the devices and restore the configurations.