Author: DEFENDEDGE

  • Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry

    Ivanti has released security advisories to address vulnerabilities in Ivanti Neurons for ITSM and Standalone Sentry. A cyber threat actor could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary updates:  CVE-2023-46808 (Authenticated Remote File Write) for Ivanti Neurons for… Read more

  • CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques

    Today, CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated joint guide, Understanding and Responding to Distributed Denial-Of-Service Attacks, to address the specific needs and challenges faced by organizations in defending against DDoS attacks. The guidance now includes detailed insight into three different types of… Read more

  • Vulnerability Summary for the Week of March 11, 2024

      High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info academylms — academy_lms_-_elearning_and_online_course_solution_for_wordpress   The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta… Read more

  • Repository for Software Attestation and Artifacts Now Live

    Software producers who partner with the federal government can now upload their Secure Software Development Attestation Forms to CISA’s Repository for Software Attestation and Artifacts. Software producers that provide the government software can fill out the form to attest to implementation of specific security practices. CISA and the Office of Management and Budget (OMB) released… Read more

  • Cisco Releases Security Updates for IOS XR Software

    Cisco released security updates to address vulnerabilities in Cisco IOS XR software. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers… Read more

  • Vulnerability Summary for the Week of March 4, 2024

      High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce   The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes… Read more

  • Apple Released Security Updates for Multiple Products

    Apple released security updates to address vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply the necessary updates:  Safari 17.4  macOS Sonoma 14.4  macOS Ventura 13.6.5  macOS Monterey… Read more

  • Cisco Releases Security Updates for Secure Client

    Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following security releases and apply the necessary updates:  Cisco Secure Client Carriage Return Line… Read more

  • VMware Releases Security Advisory for Multiple Products

    VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following VMware security advisory and apply the necessary updates: VMSA-2024-0006 Read more

  • Vulnerability Summary for the Week of February 26, 2024

    Read more