Aggregator
Akira
Lockbit
The First Password on the Internet
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability
- CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability
- CVE-2025-21334 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
- CVE-2025-21335 Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Fortinet Releases Security Updates for Multiple Products
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
Adobe Releases Security Updates for Multiple Products
Adobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Photoshop, Animate, and Illustrator for iPad. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates:
Microsoft Releases January 2025 Security Updates
Microsoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following and apply necessary updates:
Ivanti Releases Security Updates for Multiple Products
Ivanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM.
CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates:
CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet
Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats.
Specifically, the playbook:
- Facilitates collaboration between federal agencies, private industry, international partners, and other stakeholders to raise awareness of AI cybersecurity risks and improve the resilience of AI systems.
- Guides JCDC partners on how to voluntarily share information related to cybersecurity incidents and vulnerabilities associated with AI systems.
- Delineates information-sharing protections and mechanisms.
- Outlines CISA’s actions upon receiving shared information.
CISA urges JCDC partners to integrate the playbook into their incident response and information-sharing processes, make iterative improvements as needed, and provide feedback to CISA through [email protected].
Not a partner? Join JCDC to engage in synchronized cybersecurity planning, cyber defense, and response. Learn more by visiting CISA’s JCDC webpage and emailing [email protected].
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-014-01 Hitachi Energy FOXMAN-UN
- ICSA-25-014-02 Schneider Electric Vijeo Designer
- ICSA-25-014-03 Schneider Electric EcoStruxure
- ICSA-25-014-04 Belledonne Communications Linphone-Desktop
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
268 - WhatsApp vs. NSO and CCC Talks
BSIMM15: New focus on securing AI and the software supply chain
Explore key trends in the BSIMM15 report, such as securing AI and the software supply chain, plus recommendations for enhancing your software security program.
The post BSIMM15: New focus on securing AI and the software supply chain appeared first on Blog.
The post BSIMM15: New focus on securing AI and the software supply chain appeared first on Security Boulevard.
Threat Intelligence Pivoting: Actionable Insights Behind Indicators
Pivoting in cyber threat intelligence refers to using one piece of data to find and explore related information and expand your understanding of a threat. It lets you discover hidden connections between indicators of compromise and find potential vulnerabilities before they are exploited.
Why pivoting matters
Cyber threat intelligence concentrates on indicators of compromise, IOCs. […]
The post Threat Intelligence Pivoting: Actionable Insights Behind Indicators appeared first on ANY.RUN's Cybersecurity Blog.