< ciso
brief />
Tag Banner

All news with #advisory tag

373 articles

OpenSSL HollowByte memory-exhaustion flaw analysis

๐Ÿ›ก๏ธ OpenSSL received a silent June fix for a denial-of-service issue Okta branded "HollowByte," which causes servers to allocate up to 131 KB per TLS ClientHello before the body arrives. The bug lets attackers exhaust connections and, on glibc systems, fragment the heap so freed memory remains resident until process restart. Fixed releases are 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21 dated June 9, but OpenSSL chose to treat the change as a "bug or hardening" without a CVE, advisory, or changelog note.
read more โ†’

Chained Zero-Day Flaws in Siemens ROX II Switches

๐Ÿ›ก๏ธ This Unit 42 advisory, developed in partnership with Siemens, describes a chained exploit of three zero-day vulnerabilities in Siemens ROX II OT switches. The chain (CVE-2025-40948, CVE-2025-40947, CVE-2025-40949) enables arbitrary file disclosure, root privilege escalation and persistent root execution, risking full device compromise. Siemens has issued advisories and a firmware update V2.17.1; Palo Alto Networks provides virtual patching and OT device protections.
read more โ†’

CISA urges immediate SharePoint hardening now

๐Ÿ”’ CISA has warned that three Microsoft SharePoint vulnerabilities are being actively exploited and urged organizations to immediately patch on-premises SharePoint deployments. Administrators should follow Microsoftโ€™s mitigation guidance, enable AMSI integration, hunt for indicators of compromise, and rotate machine keys where appropriate. The agency added CVE-2026-33201, CVE-2026-45659, and the newly listed CVE-2026-56164 to its Known Exploited Vulnerabilities catalog and required rapid remediation for federal agencies.
read more โ†’

Microsoft July 2026 Patch Tuesday: 570+ Vulnerabilities

๐Ÿ”’ Julyโ€™s Patch Tuesday from Microsoft addressed an unprecedented number of vulnerabilities, with reports of 570โ€“622 CVEs (620 if platform-level fixes are counted), plus hundreds in Chromium. The release includes many high-severity flaws โ€” notably elevation of privilege and remote code execution bugs โ€” with only three zero-days and 59 critical issues. Microsoftโ€™s new summary-style advisories and its AI-powered MDASH scanning explain the surge, forcing organizations to reassess patch management and prioritization.
read more โ†’

FSB Centre 16 Targets Routers Using Weak SNMP

๐Ÿ”’ Cyber agencies from 12 countries warn that Russian FSB Centre 16 (aka Berserk Bear/Static Tundra) is scanning the internet for routers using default or weak SNMP credentials and occasionally exploiting known CVEs in Cisco devices. Sectors such as communications, defence, energy, finance, government and healthcare are urged to adopt SNMPv3, patch affected systems and disable vulnerable features like Smart Install when patching is not possible. The advisory links Centre 16โ€™s tactics to broader disruptive campaigns and coincides with UK/EU attribution of late 2025 attacks on Polandโ€™s energy grid to the group.
read more โ†’

Talos: Multiple Vulnerabilities in WolfSSL, GeoVision, VTK

๐Ÿ”’ Cisco Talos disclosed multiple vulnerabilities across WolfSSL, GeoVision, and VTK-DICOM, all of which have been patched by vendors in line with Ciscoโ€™s disclosure policy. The findings include three WolfSSL issues (two improper input validation and one integer underflow), 14 GeoVision advisories spanning 37 CVEs, and one heap-based buffer overflow in VTK-DICOM. Snort rules to detect exploit attempts are available from Snort.org. Discoveries were made by Ankur Tyagi, Philippe Laulheret, and Emmanuel Tacheau of Cisco Talos.
read more โ†’

Max-severity Adobe ColdFusion flaw being actively exploited

๐Ÿ”ง Adobe has issued emergency updates to fix a maximum-severity ColdFusion vulnerability (CVE-2026-48282) that is now being actively exploited, the Canadian Center for Cyber Security (CCCS) warned. The flaw affects ColdFusion 2025.9, 2023.20, and earlier, enabling unauthenticated remote code execution on unpatched systems. Adobe urges administrators to install the patch immediately, and Shadowserver reports nearly 800 exposed ColdFusion instances online.
read more โ†’

FBI warns Russian actors stealing Signal backup keys

๐Ÿ” The FBI and CISA warn that Russian-linked threat actors have shifted phishing tactics to steal Signal Backup Recovery Keys, enabling access to users' historical messages. The campaign, tracked as UNC5792 and UNC4221, targets high-value individuals including officials, journalists, and military personnel. Attackers impersonate Signal support, trick users into enabling backups and then request the recovery key to restore data to attacker-controlled devices. Authorities advise that official support never asks for codes or recovery keys and recommend reporting incidents to the FBI or CISA.
read more โ†’

CISA urges hardening of Fortinet devices after breaches

๐Ÿ”’ CISA warns that malicious actors have targeted internet-accessible Fortinet devices using compromised credentials, a campaign dubbed FortiBleed affecting roughly 74,000 devices including firewalls and VPN gateways. The agency urges immediate actions such as terminating active SSL VPN and administrative sessions, resetting credentials, enforcing strong password policies, and ensuring secure credential storage using PBKDF2. Organizations should review logs for suspicious activity, enable phishing-resistant MFA for remote and administrative access, and restrict management interfaces from public internet exposure.
read more โ†’

PavilionX Missing Authorization Vulnerability Adviso

๐Ÿ”’ A security issue was identified in Rockwell Automation FactoryTalk Analytics PavilionX due to improper authorization enforcement in API endpoints, allowing unauthorized actors to perform privileged operations such as user and role management. Rockwell Automation recommends updating PavilionX to version 7.01 or later. CISA advises minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods while performing impact analysis before defensive changes.
read more โ†’

Rockwell Logix 5370/5570 CIP Denial-of-Service Fixes

๐Ÿ›ก๏ธ A denial-of-service vulnerability in Rockwell Automation Logix 5370 and 5570 controllers can cause a major nonrecoverable fault (MNRF) when a crafted CIP message is processed, with devices having less memory at greater risk. Rockwell advises updating to specific firmware versions: CompactLogix 5370 (34.016+), Compact GuardLogix 5370 (35.015+), ControlLogix 5570 (36.012+), and GuardLogix 5570 (37.011+). CISA recommends minimizing network exposure, isolating control networks behind firewalls, using secure remote access methods such as VPNs, and following ICS defensive best practices to reduce exploitation risk.
read more โ†’

RSLinx Classic vulnerability advisory and mitigations

๐Ÿ”’ This advisory describes a stack-based buffer overflow and an out-of-bounds read in Rockwell Automation RSLinx Classic Third-Party components that can cause denial of service or enable remote code execution. Rockwell recommends upgrading to version 4.60.00 or later or applying patch BF31213 where upgrades are not possible. CISA urges minimizing network exposure, isolating control systems behind firewalls, and using secure remote access methods such as updated VPNs while performing impact analysis and risk assessments.
read more โ†’

CISA Adds Two Vulnerabilities to KEV Catalog

๐Ÿ”” CISA added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after confirming active exploitation. The agency emphasizes these flaws are common attack vectors that present substantial risk to the federal enterprise. BOD 26-04 requires Federal Civilian Executive Branch agencies to prioritize rapid remediation of high-risk CVEs in the KEV catalog and to assess potential compromise before patching. CISA urges all organizations to adopt risk-based vulnerability management and to submit suspected exploited flaws via the KEV Nomination Form.
read more โ†’

Brickcom Camera Flaw Allows Unauthenticated Video Access

๐Ÿ”’ The advisory describes vulnerabilities in Brickcom cameras that permit unauthenticated attackers to access live snapshots via the /ONVIF endpoint and exploit default credentials to obtain administrative control. CISA reports vendor non-coordination and urges users to contact Brickcom for support while following defensive measures. Recommended mitigations include isolating devices behind firewalls, minimizing internet exposure, and using secure remote access methods such as updated VPNs.
read more โ†’

Critical IoT Platform Flaws Enable Device Takeover

๐Ÿ”’ CISA published an advisory on multiple critical vulnerabilities in the Naxclow IoT Platform that allow device impersonation, credential exposure, and fleet enumeration. A replayable onboarding flow and inadequate authorization let attackers reassign devices, while persistent, non-rotating relay credentials enable long-term access. Additional weaknesses include a hard-coded platform salt for request signing, predictable device identifiers, and cleartext Wiโ€‘Fi secrets exposed via UART.
read more โ†’

Active privilege escalation flaw in Cisco SDโ€‘WAN Manager

๐Ÿ”’ Cisco warns of an actively exploited high-severity vulnerability in Catalyst SDโ€‘WAN Manager that allows authenticated attackers to escalate privileges to root. The flaw, tracked as CVE-2026-20245, requires local access and netadmin privileges but can be chained with prior authentication bypass bugs. Cisco recommends upgrading to the latest versions, checking edge device configurations, saving logs, and contacting TAC if indicators of compromise are found.
read more โ†’

Critical UniFi OS bug enables unauthenticated root access

๐Ÿ”’ Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
read more โ†’

CISA warns of attacks on fuel tank monitoring systems

๐Ÿ”’ CISA and multiple US agencies warn that internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks are being targeted by cyber actors. The advisory notes attackers exploit authentication bypasses, hardcoded credentials, command-execution flaws, SQL injection, and privilege-escalation vulnerabilities. If compromised, attackers can alter network and tank settings, disable alerts, and impair monitoring, increasing risk to safety and operations. Agencies recommend blocking public access, enforcing strong credentials and MFA, applying updates, and monitoring for unauthorized changes.
read more โ†’

CISA and Partners Urge Hardening of ATG Systems

๐Ÿ”’ The Cybersecurity and Infrastructure Security Agency (CISA), alongside multiple federal partners, warns of malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems used across energy, chemical, food and agriculture, and transportation sectors. The advisory outlines observed tacticsโ€”such as authentication bypass, command execution, and privilege escalationโ€”and urges owners to remove ATG devices from public internet exposure, apply patches, enforce strong credentials, and monitor device logs. It also lists reporting contacts and mitigation resources.
read more โ†’

Microsoft and researcher clash over disclosure rules

๐Ÿ›ก๏ธ Microsoft and a prominent researcher publicly traded barbs after the researcher, going by Nightmare Eclipse, published vulnerabilities he said were ignored; Microsoft countered that those disclosures were irresponsible and increased risk. The exchange included personal accusations, account deletions, and threats, prompting discussion within the security community about disclosure practices. Senior Microsoft staff signaled a review of processes while defenders on both sides highlighted valid concerns about communication, prioritization, and trust.
read more โ†’