August 13, 2024 at 02:23PM CISA has added six new known exploited vulnerabilities to the catalog, including remote code execution, memory corruption, and privilege escalation issues in Microsoft products. These are common attack vectors for cyber actors and pose risks to the federal enterprise. BOD 22-01 mandates remediation to protect FCEB networks from active threats, … Read more
July 30, 2024 at 03:57PM CISA orders U.S. FCEB agencies to secure servers against VMware ESXi vulnerability exploited in ransomware attacks. VMware fixed flaw CVE-2024-37085, allowing attackers to gain admin privileges. Ransomware gangs exploit this to steal data, move laterally, and encrypt ESXi. Agencies have 3 weeks to secure systems under directive BOD 22-01. CISA … Read more
July 24, 2024 at 10:42AM CISA added a recent Twilio Authy bug, tracked as CVE-2024-39891, to its Known Exploited Vulnerabilities catalog due to an information disclosure issue. Twilio warned of the vulnerability and urged users to update to versions 25.1.0 for Android and 26.1.0 for iOS. No Twilio systems were compromised, and CISA urged vulnerable … Read more