Insights

Cisco Releases Security Updates for Secure Client

Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following security releases and apply the necessary updates: Cisco Secure Client Carriage Return Line Feed Injection Vulnerability; Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability.

VMware Releases Security Advisory for Multiple Products

VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates: VMSA-2024-0006

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they still…

Cisco Releases Security Advisories for Cisco NX-OS Software

Cisco released security advisories to address vulnerabilities affecting Cisco NX-OS Software. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability; Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability.

Fulton County, Security Experts Call LockBit’s Bluff

The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor did anyone make payment on their behalf. Security experts say LockBit was likely bluffing and probably lost most of the…

CISA and Partners Release Advisory on Threat Actors Exploiting Ivanti Connect Secure and Policy Secure Gateways Vulnerabilities

Today, CISA and the following partners released a joint Cybersecurity Advisory, Threat Actors Exploit Multiple Vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways: Federal Bureau of Investigation (FBI); Multi-State Information Sharing & Analysis Center (MS-ISAC); Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC); United Kingdom National Cyber Security Centre (NCSC-UK); Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment; New Zealand National Cyber Security Centre (NCSC-NZ); CERT-New Zealand (CERT…

CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Phobos Ransomware, to disseminate known tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), which are from incident response investigations tied to Phobos ransomware activity from as recently as February 2024. Structured as a ransomware-as-a-service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and county…

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly, a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems. KrebsOnSecurity recently heard from a reader who…

CISA Releases Resource Guide for University Cybersecurity Clinics

Today, CISA released a Resource Guide for Cybersecurity Clinics to outline ways CISA can partner with and support cybersecurity clinics and their clients. University cybersecurity clinics train students from diverse backgrounds and academic expertise to strengthen the digital defenses of non-profits, hospitals, municipalities, small businesses, and other under-resourced organizations. They can help address the national cyber workforce gap by developing a talent pipeline for cyber civil defense and helping students see themselves in a cybersecurity…

Updates on NIST’s Interagency International Cybersecurity Standardization Working Group

Last November, I was pleased to chair the most recent meeting of the Interagency International Cybersecurity Standardization Working Group (IICSWG) – a group NIST created in 2016. Our charge, from the Cybersecurity Enhancement Act of 2014, was to build a coordination mechanism for government agencies to discuss international cybersecurity standardization issues, consistent with agencies’ responsibilities under OMB Circular A-119. Since then, IICSWG has grown as a forum to discuss cybersecurity and privacy standardization topics, examine the…
