CISA Releases Untitled Goose Tool
The U.S. CISA released free post-incident hunting tools for organizations using Microsoft Azure, Azure Active Directory, and Microsoft 365 applications. The tool was built by CISA and Sandia National Laboratories,…
US Agency Exploited with an Old Progress Telerik RCE
The US CISA has reported that the threat actors are seen exploited a vulnerability that was first documented in 2019 that allows remote code execution (RCE) to access a federal…
CISA KEV Update Part IV – March 2023
The U.S. CISA has added a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360 with a CVSS score: 8.6, to its Known Exploited Vulnerabilities Catalog. Adobe as a part of routine patch tuesday, released…
CISA Establishes RVWP
The US CISA announced earlier this week the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program. Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022…
CISA adds Vulnerabilities to Known Exploited Catalog Part II – February 2023
The US CISA adds Intel, Terramaster, GoAnywhere MFT flaws, respectively tracked as CVE-2015-2291, CVE-2022-24990 and CVE-2023-0669 to its Known Exploited Vulnerabilities Catalog. The first flaw tracked as CVE-2015-2291 with a…
CISA releases Script to help victims of ESXi Args
The U.S. CISA has released a script to recover VMware ESXi servers infected with ESXiArgs ransomware. The victims of the recent wave of ESXiArgs ransomware attacks, can use the script…
CISA Known Exploited Catalog Update February 2023
The US CISA adds Oracle and SugarCRM flaws, respectively tracked as CVE-2022-21587 and CVE-2023-22952, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-21587 flaw with CVSS score 9.8 affects the Oracle…
CISA adds JasperReports Flaws to Known Exploited Catalog
The US CISA has added TIBCO Software’s JasperReports vulnerabilities, to its Known Exploited Vulnerabilities catalog. TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards…