All news with #advisory tag

🔒 METZ CONNECT released firmware updates addressing multiple critical vulnerabilities in EWIO2 devices that allow unauthenticated remote attackers to bypass authentication, upload and execute arbitrary code, and read PHP source files. The flaws include an authentication bypass, PHP remote file inclusion, unrestricted file uploads, path traversal, and improper access control. METZ CONNECT firmware 2.2.0 remediates these issues; administrators should schedule and install the update and ensure devices are not exposed to the internet.

🔔 CISA released six Industrial Control Systems (ICS) advisories detailing current security issues, vulnerabilities, and potential exploits affecting multiple vendors and products. The advisories cover Schneider Electric products (including EcoStruxure Machine SCADA Expert, Pro-face BLUE Open Studio, and PowerChute Serial Shutdown), Shelly Pro devices, and METZ CONNECT hardware. One advisory is an update (B) to a prior Schneider Electric notice. Users and administrators are encouraged to review the technical details and apply recommended mitigations promptly.

🔒 Schneider Electric has released updates for PowerChute Serial Shutdown to address multiple vulnerabilities that may be exploited locally on the network. The issues include path traversal (CWE-22, CVE-2025-11565), excessive authentication attempts (CWE-307, CVE-2025-11566), and incorrect default permissions (CWE-276, CVE-2025-11567) with CVSS scores up to 7.8. Schneider Electric published version 1.4 with fixes for Windows and Linux; administrators should upgrade and apply recommended permissions and network isolation measures.

⚠️ A remote-accessible out-of-bounds read vulnerability (CVE-2025-12056) in Shelly Pro 3EM can be triggered by a specially crafted Modbus request to force the device to access illegal memory addresses and reboot. CISA assigns a CVSS v4 score of 8.3 and warns this may result in a denial-of-service condition. Shelly did not respond to coordination; users should contact the vendor, keep devices updated, minimize network exposure, and follow recommended ICS defensive practices.

🔒 This advisory describes a cryptographic weakness in Schneider Electric's EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio that could allow credential recovery from project files. An attacker with read access to Edge project or offline cache files can brute-force weak hashes to recover app-native or Active Directory passwords (CVE-2025-9317); the flaw requires local/file access and is not remotely exploitable. Apply 2023.1 Patch 1 immediately or implement recommended mitigations such as strict ACLs, strong project master passwords, removing embedded passwords, and following ICS cybersecurity best practices.

⚠️ Fortinet has released an advisory for FortiWeb addressing CVE-2025-64446, a CWE-23 relative path traversal that can allow unauthenticated actors to execute administrative commands via crafted HTTP/HTTPS requests. Affected releases include multiple 7.x and 8.x versions; Fortinet provides specific upgrade targets (8.0.2+, 7.6.5+, 7.4.10+, 7.2.12+, 7.0.12+). If immediate upgrades are not possible, disable HTTP/HTTPS on internet-facing interfaces and, after remediation, review configurations and logs for unexpected modifications or unauthorized administrator accounts.

🛡️ CISA, FBI, DC3, HHS and international partners released updated guidance to help organizations mitigate the evolving Akira ransomware threat. The advisory details new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by the group, which primarily targets small and medium-sized businesses but has also struck larger organizations across multiple sectors. It strongly urges immediate actions such as regular backups, enforcing multifactor authentication, and prioritizing remediation of known exploited vulnerabilities.

🔐 CISA and partner agencies published an updated advisory on Nov. 13, 2025, detailing new indicators, tactics, and detection guidance related to Akira ransomware. The update documents expanded targeting across Manufacturing, Education, IT, Healthcare, Financial, and Food and Agriculture, and links activity to groups such as Storm-1567 and Punk Spider. Key findings include exploitation of edge and backup vulnerabilities, use of remote management tools for defense evasion, and a faster, more destructive Akira_v2 variant that complicates recovery.

🔔 CISA released 18 Industrial Control Systems (ICS) advisories addressing security flaws across a broad set of vendors and product families. The advisories cover firmware, application software, and cloud services used in operational technology and industrial environments, including products from Siemens, Rockwell Automation, AVEVA, and Mitsubishi Electric. Administrators should review the advisories for technical details and apply vendor mitigations, patches, and compensating controls promptly to reduce risk to availability and safety.

🔒 SAP released November security updates addressing a maximum-severity (10.0) hardcoded credentials flaw in the non-GUI component of SQL Anywhere Monitor (CVE-2025-42890) and a critical code-injection issue in SAP Solution Manager (CVE-2025-42887). The embedded credentials could allow attackers to access administrative functions and potentially execute arbitrary code. Administrators should apply updates and follow SAP mitigation guidance promptly.

🛡️ If you’re still running Windows 10, enroll in Microsoft’s Extended Security Updates (ESU) program before the next Patch Tuesday to continue receiving security fixes. Consumers can get one year of ESU for free by signing into a Microsoft account and enabling Windows settings backup, or alternatively pay $30 or redeem 1,000 Microsoft Rewards points. Enrollment is available via Settings > Update & Security > Windows Update and should confirm coverage through October 13, 2026.

🔒 CISA warns that Ubia's Ubox firmware (v1.1.124) exposes API credentials, potentially allowing remote attackers to access backend services. Successful exploitation could permit viewing live camera feeds or modifying device settings. The issue is tracked as CVE-2025-12636 with a CVSS v4 base score of 7.1. Users should minimize network exposure, isolate devices behind firewalls, use secure remote-access methods such as VPNs, and contact Ubia support for guidance.

🔔 CISA released four Industrial Control Systems (ICS) advisories covering Advantech DeviceOn iEdge, Ubia Ubox, ABB FLXeon Controllers, and an update for Hitachi Energy Asset Suite. Each advisory provides technical details on identified vulnerabilities and recommended mitigations. Users and administrators are urged to review the advisories and apply mitigations promptly.

🔒 Microsoft warned that installing Windows security updates released on or after October 14, 2025 can cause some systems to boot into BitLocker recovery, prompting users to enter their recovery key on first restart. The issue mainly affects Intel devices that support Connected Standby (Modern Standby) and occurs during restart or startup on Windows 11 24H2/25H2 and Windows 10 22H2. Microsoft says devices should boot normally after the key is entered and offers a Group Policy mitigation via Known Issue Rollback (KIR), with affected customers advised to contact Microsoft Support for Business.

⚠ A critical vulnerability in the @react-native-community/cli ecosystem could let remote, unauthenticated attackers execute arbitrary OS commands on machines running the React Native development server. JFrog researcher Or Peles reported that the Metro dev server binds to external interfaces by default and exposes a vulnerable /open-url endpoint that passes user input to the unsafe open() call. The flaw (CVE-2025-11953, CVSS 9.8) affected versions 4.8.0–20.0.0-alpha.2 and is fixed in 20.0.0.

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.

⚠️ The Canadian Centre for Cyber Security warns hacktivists are increasingly exploiting internet-accessible industrial control systems (ICS), citing recent intrusions that affected a water utility, an oil and gas automated tank gauge (ATG), and a farm's grain-drying silo. Attackers manipulated pressure, fuel-gauge, and environmental controls, creating safety and service disruptions. The alert urges secure remote access via VPNs with MFA and inventories of OT assets. Provincial and municipal coordination is recommended to protect sectors lacking cybersecurity oversight.

⚠️ Microsoft confirmed a known issue where closing Task Manager does not terminate the taskmgr.exe process after installing the October 28, 2025 preview update (KB5067036). Multiple background instances can consume CPU and cause stutters. As a temporary workaround, end each process in a new Task Manager window or run: taskkill.exe /im taskmgr.exe /f while Microsoft investigates a permanent fix.

🔒 Cybersecurity agencies in the United States, Australia and Canada have issued coordinated best-practice guidance to help organizations harden on-premises Microsoft Exchange Server installations against ongoing attacks and misconfiguration risks. The advisory emphasizes keeping servers fully patched and on the supported Subscription Edition, enabling Microsoft’s Emergency Mitigation Service, and establishing security baselines. It also urges stronger authentication and encryption, dedicated administrative workstations, and built-in protections such as Microsoft Defender Antivirus and App Control to reduce attack surfaces.

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.