Security News

CISA warns of patched iPhone kernel bug now exploited in attacks
2024-01-31 19:02

CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks. Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.

CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
2024-01-31 16:14

CISA has urged manufacturers of small office/home office routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon. Threat actors are compromising many such devices, taking advantage of the sheer numbers of SOHO routers used by Americans and using them as launchpads in attacks targeting U.S. critical infrastructure organizations.

CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'
2024-01-23 18:30

CISA Director Jen Easterly has confirmed she was the subject of a swatting attempt on December 30 after a bogus report of a shooting at her home. One of the most troubling trends we have seen in recent years has been the harassment of public officials across the political spectrum, including extreme incidents involving swatting and direct personal threats.

CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
2024-01-20 04:31

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against...

CISA emergency directive: Mitigate Ivanti zero-days immediately
2024-01-19 19:25

CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors. As instructed by emergency directive ED 24-01, federal agencies now must promptly implement Ivanti's publicly disclosed mitigation measures to block attack attempts.

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
2024-01-19 17:32

A previously patched critical vulnerability affecting Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities Catalog. It is not known whether the vulnerability is being exploited by ransomware groups, and CISA does not publish specific information about attacks in which the vulnerabilities in the KEV catalog are exploited.

CISA: Critical Ivanti auth bypass bug now actively exploited
2024-01-18 20:51

CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile and MobileIron Core device management software is now under active exploitation. While it has yet to provide further details on CVE-2023-35082 active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation and says there's no evidence of abuse in ransomware attacks.

CISA pushes federal agencies to patch Citrix RCE within a week
2024-01-17 18:31

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged customers on Tuesday to immediately patch Internet-exposed Netscaler ADC and Gateway appliances against the CVE-2023-6548 code injection vulnerability and the CVE-2023-6549 buffer overflow impacting the Netscaler management interface that could be exploited for remote code execution and denial-of-service attacks, respectively.

CISA: Critical Microsoft SharePoint bug now actively exploited
2024-01-12 19:24

CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. This Microsoft SharePoint Server exploit chain was successfully demoed by STAR Labs researcher Jang during the March 2023 Pwn2Own contest in Vancouver, earning a $100,000 reward.

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
2024-01-12 06:35

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV)...