Security Bulletin

Rapid7 InsightVM's asset, vulnerability, and fix data is ingested into Cisco Vulnerability Management for data centralization and effective risk prioritization.

Ingress security from Cisco Multicloud Defense gives organizations consistent visibility and control across multicloud environments.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23222 Apple Multiple Products Type Confusion Vulnerability These types of vulnerabilities are frequent attack...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.4 ATTENTION: Low attack complexity Vendor: Crestron Equipment: AM-300 Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Lantronix Equipment: XPort Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Apple has released security updates for iOS and iPadOS, macOS, Safari, watchOS, and tvOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Voltronic Power Equipment: ViewPower Pro Vulnerabilities: Deserialization of Untrusted Data, Missing Authentication for Critical Function...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Osimis Web Viewer Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable via adjacent network / low attack complexity Vendor: APsystems Equipment: Energy communication Unit (ECU-C) Power Control Software Vulnerability: Improper Access Control 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: Lynx 206-F2G Vulnerabilities: Cross-site Scripting, Code Injection, Cross-Origin Resource Sharing, Cleartext Transmission of...

CISA released six Industrial Control Systems (ICS) advisories on January 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-023-01 APsystems Energy Communication...

CISA has collaborated with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) on Engaging with Artificial Intelligence—joint guidance, led by ACSC, on how to use AI systems securely. The following organizations also...