Lindsay P. Stought, CSM, PMP’s Post

#CyberNews The US Cybersecurity and Infrastructure Agency (CISA) has initiated "Vulnrichment," a project designed to enhance the enrichment of CVE records amid slowdowns in the National Vulnerability Database (NVD) managed by NIST. This slowdown has resulted from an uptick in software vulnerabilities and shifts in interagency support, causing significant backlogs in vulnerability analyses. Vulnrichment aims to categorize and update public CVE records swiftly, leveraging a decision tree model to prioritize remediation actions based on the severity and exploitability of vulnerabilities, ensuring that stakeholders can integrate these insights into their security protocols efficiently. Read More: https://lnkd.in/ebhkzQqg #USA #CISA #Vulnerabilities

Security Advisory 🚨: Critical vulnerabilities (CVE-2024-9463 & CVE-2024-9465) in Palo Alto Networks Expedition are being actively exploited, allowing unauthenticated attackers to execute commands as root or access sensitive data. Immediate updates to Expedition 1.2.96 or later are essential to mitigate these risks. 👉 Learn more and secure your systems here: https://hubs.ly/Q02YyTW70

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in Ivanti’s Endpoint Manager (EPM) that is now being actively exploited by threat actors. This remote code execution (RCE) flaw, tracked as CVE-2024-29824, allows attackers to exploit SQL Injection vulnerabilities on unpatched systems to execute arbitrary commands. Read more: https://lnkd.in/gK9REduK #ivanti #epm #vulnerability #poc #exploit #hacking #rce #sqlinjection #informationsecurity #infosec

On June 25, Progress disclosed two vulnerabilities: CVE-2024-5805, a critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module); and CVE-2024-5806, a high-severity authentication bypass vulnerability affecting MOVEit Transfer. Learn more about these vulnerabilities, how threat actors may exploit them, and our recommendations for remediation in our latest security bulletin: https://lnkd.in/gD9urmXu #EndCyberRisk CVE-2024-5805 & CVE-2024-5806 | Arctic Wolfarcticwolf.com

On June 25, Progress disclosed two vulnerabilities: CVE-2024-5805, a critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module); and CVE-2024-5806, a high-severity authentication bypass vulnerability affecting MOVEit Transfer. Learn more about these vulnerabilities, how threat actors may exploit them, and our recommendations for remediation in our latest security bulletin: https://lnkd.in/gD9urmXu #EndCyberRisk

CISA Adds Two Known Exploited Vulnerabilities to Catalog: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. * CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability * CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. https://lnkd.in/gFAX8XD9

🚨 Critical Security Advisory: CVE-2024-5910 🚨 Palo Alto Networks has disclosed a CRITICAL vulnerability (CVE-2024-5910) in its Expedition tool, allowing potential admin account takeovers due to missing authentication for a critical function. Key Details: Severity: 9.3 (CRITICAL) Attack Vector: Network Privileges Required: None Exploitation Status: Active (reported by CISA) Affected Versions: Expedition 1.2 (versions < 1.2.92) Fix: Upgrade to Expedition 1.2.92 or later Impact: This vulnerability puts sensitive configuration data such as credentials and secrets at risk. Organizations using Expedition must act immediately to secure their systems. Mitigation Steps: Update: Upgrade Expedition to version 1.2.92 or later. Restrict Access: Limit network access to Expedition to authorized users, hosts, or networks. Let’s stay vigilant and proactive to ensure our systems remain secure! For more details, refer to the CISA Known Exploited Vulnerabilities Catalog ( https://lnkd.in/gH4EYi2T ). #CyberSecurity #VulnerabilityManagement #PaloAltoNetworks #CVE2024 #InfoSec

CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-21338 Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. via: https://lnkd.in/gcZkQMyU

Attention GitLab Users: Critical Flaw Added to CISA's Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical vulnerability affecting GitLab to its Known Exploited Vulnerabilities (KEV) catalog. This addition is due to active exploitation of the flaw in the wild. The vulnerability, identified as CVE-2023-7028, has been assigned a CVSS score of 10.0, indicating maximum severity. It allows attackers to take over user accounts by sending password reset emails to unverified email addresses. GitLab has confirmed that the issue was introduced in version 16.1.0 on May 1, 2023, and affects all authentication mechanisms within the affected versions. Successful exploitation of this vulnerability can lead to serious consequences, such as: -Theft of sensitive information and credentials -Poisoning of source code repositories with malicious code -Supply chain attacks To address this critical issue, GitLab has released patches in versions 16.5.6, 16.6.4, and 16.7.2, with backported fixes available for versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5. As a precautionary measure, CISA requires federal agencies to apply the latest fixes by May 22, 2024, to secure their networks against potential attacks. We strongly recommend all GitLab users to update their instances to the latest patched versions immediately to mitigate the risk of account takeover and potential supply chain attacks. https://lnkd.in/emiA3Wzz

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-27198 JetBrains TeamCity Authentication Bypass Vulnerability CISA urges organizations to review the following JetBrains blog post and apply the necessary updates: Additional Critical Security Issues Affecting TeamCity On-Premises