IS Security CERT Global
- CISA Adds One Known Exploited Vulnerability to Catalog
  CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability. These types of vulnerabilities ...
- Ivanti Releases Security Update for Cloud Services Appliance
  Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could ...
- CISA Releases Analysis of FY23 Risk and Vulnerability Assessments
  CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure sectors in fiscal year 2023 (FY23). The ...
- Multiple vulnerabilities in the Ubuntu Linux kernel (13 September 2024)
  Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. Some of them allow an attacker to cause arbitrary code execution, a denial of service ...
- Multiple vulnerabilities in Microsoft Edge (13 September 2024)
  Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor. ...
- Multiple vulnerabilities in IBM products (13 September 2024)
  Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a privilege escalation ...
- Vulnerability in Spring Framework (13 September 2024)
  A vulnerability has been discovered in Spring Framework. It allows an attacker to cause a breach of data confidentiality. ...
- Patch Tuesday: Fixes 79 vulnerabilities
  It has been Patch Tuesday again, and it has resulted in fixes for 79 vulnerabilities across Microsoft's products: Office and Office components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; ...
- Multiple vulnerabilities in the SUSE Linux kernel (13 September 2024)
  Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a privilege escalation, a breach of confidentiality ...
- Multiple vulnerabilities in the Red Hat Linux kernel (13 September 2024)
  Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause a privilege escalation, a breach of ...
- CISA Releases Four Industrial Control Systems Advisories
  CISA released four Industrial Control Systems (ICS) advisories on September 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-254-01 Viessmann Climate Solutions ...
- Research organisations and think tanks – State of the cyber threat (02 September 2024)
  The research and *think tanks* sector covers a broad and heterogeneous scope. It includes public and private entities of all kinds, some of which may be ...
- DDoS attacks hit France
  Just when it was thought that the danger of cyber-activist attacks against France in connection with the Olympic and Paralympic Games was over, new ones are emerging for the French authorities. The reason is found ...
- Army Cyber Command welcomes new command sergeant major
  FORT EISENHOWER, Ga. - Army Cyber Command (ARCYBER) conducted a change of responsibility ceremony as outgoing Command Sgt. Maj. (CSM) Jack Nichols passe ...
- Regional Cyber Center – CONUS designated elite and Army’s 2024 RCC of the Year
  FORT HUACHUCA, AZ – As one of the last acts of exceptionalism before becoming The Global Cyber Center, the Regional Cyber Center – CONUS (RCC-C) was hon ...
- Best Practices and Lessons Learned in Standing Up an AISIRT
  In the wake of widespread adoption of artificial intelligence (AI) in critical infrastructure, education, government, and national security entities, adversaries are working to disrupt these systems and attack AI-enabled assets. ...
- Generative AI and Software Engineering Education
  Educators have had to adapt to rapid developments in generative AI to provide a realistic perspective to their students. In this post, experts discuss generative AI and software engineering education. ...
- CISA Adds Three Known Exploited Vulnerabilities to Catalog
  CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability; CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption ...
- Critical vulnerability in SonicWall
  SonicWall has fixed a vulnerability in SonicOS. The security flaw can affect both the firewall function and SSLVPN. Successful exploitation of the vulnerability can lead to unauthorized access and to devices being made unavailable.[1] ...
- Multiple vulnerabilities in Qnap products (09 September 2024)
  Multiple vulnerabilities have been discovered in Qnap products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of ...
- Multiple vulnerabilities in Mozilla products (09 September 2024)
  Multiple vulnerabilities have been discovered in Mozilla products. Some of them allow an attacker to cause remote arbitrary code execution, a denial of service ...
- News bulletin CERTFR-2024-ACT-040 (09 September 2024)
  This CERT-FR news bulletin looks back at the significant vulnerabilities of the past week to highlight their criticality. It does not replace the analysis of all the advisories and alerts published ...
- JVN: Stack-based buffer overflow vulnerability in Panasonic Control FPWIN Pro7
  Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability. ...
- JVN: Multiple vulnerabilities in IDEC PLCs
  PLCs (Programmable Logic Controllers) provided by IDEC Corporation contain multiple vulnerabilities. ...
- JVN: Information disclosure vulnerability in IPCOM due to differences in processing time
  The SSL accelerator function and SSL-VPN function of IPCOM provided by Fsas Technologies Inc. contain an information disclosure vulnerability caused by differences in processing time. ...
- JVN: Multiple vulnerabilities in the WordPress plugin Carousel Slider
  The WordPress plugin Carousel Slider provided by Sayful Islam contains multiple vulnerabilities. ...
- JVN: Multiple vulnerabilities in Rockwell Automation ThinManager ThinServer
  ThinManager ThinServer provided by Rockwell Automation contains multiple vulnerabilities. ...
- JVN: Deserialization of untrusted data vulnerability in Delta Electronics DTN Soft
  DTN Soft provided by Delta Electronics contains a deserialization of untrusted data vulnerability. ...
- IPCOM vulnerable to information disclosure
  SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability. ...
- Multiple vulnerabilities in IDEC PLCs
  IDEC PLCs (Programmable Logic Controllers) contain multiple vulnerabilities. ...
- Panasonic Control FPWIN Pro7 vulnerable to stack-based buffer overflow
  Control FPWIN Pro7 provided by Panasonic contains a stack-based buffer overflow vulnerability. ...
- TZCERT-SU-24-0954 (Tenable Security Update)
  Tenable has released security updates to address vulnerabilities in Fortra FileCatalyst and Flowise. Exploitation of these vulnerabilities may allow an attacker to bypass security controls. Users and administrators are encouraged ...
- TZCERT-SU-24-0962 (Cisco Security Update)
  Cisco has released security updates to address vulnerabilities in cURL and libcurl. Exploitation of these vulnerabilities may allow an attacker to bypass security controls. Users and administrators are encouraged to ...
- TZCERT-SU-24-0963 (Ubuntu Security Update)
  Ubuntu has released security updates to address vulnerabilities in Drupal and Linux kernel. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators ...
- TZCERT-SU-24-0961 (Oracle Linux Security Update)
  Oracle has released a security update to address vulnerabilities in nodejs. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to ...
- TZCERT-SU-24-0960 (F5 Security Update)
  F5 has released security updates to address vulnerabilities in Linux kernel. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users and administrators are encouraged to review ...
- TZCERT-SU-24-0959 (SUSE Security Update)
  SUSE has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged ...
- TZCERT-SU-24-0957 (DebianOS Security Update)
  Debian has released security updates to address vulnerabilities in trafficserver and python. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition. Users and administrators ...
- TZCERT-SU-24-0958 (Chrome Security Update)
  Google has released a security update to address vulnerabilities in powermail. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege. Users and administrators are encouraged to review Typo3 ...
- TZCERT-SU-24-0955 (Dell Security Update)
  Dell has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged ...
- TZCERT-SU-24-0956 (IBM Security Update)
  IBM has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition. Users and administrators ...
- Vulnerability in MongoDB Server (28 August 2024)
  A vulnerability has been discovered in MongoDB Server. It allows an attacker to cause arbitrary code execution. ...
- CISA and Partners Release Advisory on Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
  Today, CISA—in partnership with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3)—released Iran-based Cyber Actors Enabling Ransomware Attacks on U.S. Organizations. This joint ...
- Critical vulnerability in SonicOS
  A critical vulnerability has been found in the access control in some versions of SonicWall's SonicOS. This is stated in an advisory from SonicWall. The vulnerability can be exploited by a malicious actor to ...
- Fake emails from CFCS in circulation
  This is a phishing email that malicious actors send out to lure the recipient into giving up information or downloading malware. Read more about phishing and how to spot ...
- Fake emails from CFCS in circulation
  CFCS (Center for Cybersikkerhed) reports that a few citizens have made contact because they have received emails purporting to be from CFCS. The fake emails carry the heading "Sikkerhedsadvarsel" ("Security warning") ...
- Weekly Report: JPCERT/CC publishes "TSUBAME Report Overflow (April-June 2024)"
  JPCERT/CC has published the blog post "TSUBAME Report Overflow (April-June 2024)". As the observation results for April-June 2024, it presents a comparison of observation trends from sensors installed overseas, along with other activities. ...
- Weekly Report: Improper server certificate verification vulnerability in multiple Safie products
  Multiple products provided by Safie Inc. contain an improper server certificate verification vulnerability. This issue is resolved by updating the affected products to a fixed version. For details, refer to the information provided by the developer. ...
- Weekly Report: Improper access restriction vulnerability in the smartphone app "Rakuten Ichiba App"
  The smartphone app "Rakuten Ichiba App" provided by Rakuten Group, Inc. contains an improper access restriction vulnerability. This issue is resolved by updating the affected product to a fixed version. ...
- Weekly Report: Hard-coded credentials vulnerability in SolarWinds Web help desk
  SolarWinds Web help desk contains a hard-coded credentials vulnerability. This issue is resolved by applying a hotfix to the affected product. For details, refer to the information provided by the developer. ...
Title | Category | Tag |
Africa – The State of African Utilities Performance Assessment and Benchmarking Report – Water | SmartCitiesStandardsPracticesWater | africa infrastructure water |
Project Management Evaluation Good Practice Standards – ECG – EPCM | EPCMStandardsPractices | epcm standards |