All news with #advisory tag

⚠️A vulnerability in Hitachi Energy Asset Suite (versions 9.7 and prior) permits an authenticated user to manipulate or inject performance log entries (CWE-117). Tracked as CVE-2025-10217, it has a CVSS v3.1 base score of 6.5 and CVSS v4 base score of 6.0; exploitation could enable further malicious actions by corrupting logs. Hitachi Energy recommends disabling performance logging and applying updates when available, while CISA advises network segmentation, firewall protections, and secure remote access to minimize exposure.

🔔 CISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025, covering vulnerabilities in Hitachi Energy Asset Suite, Rockwell Automation Lifecycle Services with Cisco, Rockwell Automation Stratix, and an update to Mitsubishi Electric Multiple FA Products. Each advisory provides technical details, risk ratings, and recommended mitigations. Administrators and asset owners should review the advisories promptly and apply mitigations or vendor patches to reduce exposure. CISA emphasizes timely review and implementation to protect operational environments.

🛡️ AWS has published a new whitepaper titled Security Overview of Amazon EKS Auto Mode that explains the service’s architecture, core security principles, and built-in protections. The guidance highlights a new approach to node management that leverages Amazon EC2 managed instances to let customers delegate operational control to AWS. Intended for cloud architects, security professionals, and Kubernetes practitioners, the document helps teams understand how EKS Auto Mode reduces infrastructure complexity while maintaining secure operations.

🔐 Microsoft published a second installment of the Secure Future Initiative (SFI) patterns and practices, delivering six practical, practitioner-built guides that address network isolation, tenant hardening, Entra ID app security, Zero Trust for source code access, software supply chain protection, and centralized log collection. Each article outlines the problem, Microsoft’s internal solution, actionable customer guidance, and trade-offs to help teams apply scalable controls across complex, multi-cloud environments.

🛡️ CISA released two Industrial Control Systems advisories on October 7, 2025, addressing security issues in Delta Electronics DIAScreen and an updated advisory for Rockwell Automation 1756-EN4TR/1756-EN4TRXT. The notices provide technical details, vulnerability descriptions, and recommended mitigations to reduce exposure in operational environments. Administrators and users are urged to review the advisories and apply mitigations promptly to protect ICS assets.

🔔 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after observing evidence of active exploitation. The additions are CVE-2014-6278 (GNU Bash), CVE-2015-7755 (Juniper ScreenOS), CVE-2017-1000353 (Jenkins), CVE-2025-4008 (Smartbedded Meteobridge), and CVE-2025-21043 (Samsung mobile). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by their due dates; CISA urges all organizations to prioritize timely mitigation and patching.

🔔 CISA released two Industrial Control Systems advisories on October 2, 2025, covering Raise3D Pro2 Series 3D printers (ICSA-25-275-01) and the Hitachi Energy MSM product (ICSA-25-275-02). Each advisory provides technical details on reported vulnerabilities, potential impacts to device confidentiality, integrity, or availability, and recommended mitigations including configuration changes and firmware updates where available. CISA encourages operators and administrators to review the advisories promptly, implement vendor recommendations, and apply compensating controls to reduce operational risk.

⚠️ CISA warns of a high-severity authentication bypass in Raise3D Pro2 Series 3D printers caused by an unauthenticated debug port that can expose the device file system. The flaw, CVE-2025-10653, has a CVSS v4 score of 8.8 and is remotely exploitable with low complexity when developer mode is enabled. Raise3D is developing firmware fixes; users should disable developer mode and limit network access until patched.

🔧 Microsoft is investigating a known issue that causes classic Outlook on Windows to crash at launch for some Microsoft 365 customers. The vendor has not provided a public fix; affected customers must open a support case in the Microsoft 365 Admin portal so Exchange Online support can request a service change. Microsoft notes the error can stem from different causes but recent cases have involved user mailboxes, and it recommends capturing a Fiddler trace for triage. Temporary workarounds include using new Outlook for Windows or Outlook Web Access until mitigation is applied.

⚠️ Microsoft has confirmed that the Windows 11 Media Creation Tool (version 26100.6584), released on September 29, 2025, may not run on devices with Arm64 processors after the Windows 11 25H2 rollout. Affected users report an error that reads, "We're not sure what happened, but we're unable to run this tool on your PC," blocking creation of bootable installation media. Microsoft says the tool does not support creating media for Arm64 devices and that the normally available ability for Arm64 systems to produce x64 media is also failing. As a temporary workaround, Microsoft recommends using a PC with an AMD64 processor to create installation media while it investigates and prepares a fix.

🔔 On September 30, 2025, CISA released ten Industrial Control Systems advisories summarizing current security issues, vulnerabilities, and known exploits affecting a range of ICS products. The advisories cover MegaSys Enterprises, multiple Festo devices, OpenPLC_V3, National Instruments Circuit Design Suite, LG Innotek cameras, and updates for Keysight Ixia, HEIDENHAIN, and Rockwell Automation. Administrators are urged to review the technical details and apply recommended mitigations promptly to reduce operational risk.

🔒 CISA added a critical vulnerability affecting the Sudo utility to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, CVE-2025-32463 (CVSS 9.3), impacts Sudo versions prior to 1.9.17p1 and can be abused via the -R (--chroot) option to execute arbitrary commands as root, bypassing sudoers. Four additional flaws were also added to the KEV list. Agencies and organizations are advised to apply mitigations and updates by October 20, 2025 and upgrade or implement compensating controls immediately.

🔔 CISA released one Industrial Control Systems advisory on September 25, 2025 addressing Dingtian DT-R002. The advisory, ICSA-25-268-01, provides technical details on identified vulnerabilities and recommended mitigations for affected ICS devices. Administrators and operators are encouraged to review the advisory promptly and apply mitigations to reduce operational risk. This product is provided subject to CISA's Notification and Privacy & Use policies.

🛡️ Cisco released security updates addressing a high-severity zero-day, tracked as CVE-2025-20352, in IOS and IOS XE. The flaw is a stack-based buffer overflow in the SNMP subsystem that allows authenticated remote attackers with low privileges to trigger DoS, and high-privileged actors to execute code as root on affected devices. Cisco reports exploitation in the wild after Administrator credentials were compromised and urges customers to upgrade; as a temporary mitigation it recommends limiting SNMP access to trusted users.

⚠️ Libraesva has released an urgent update to address a command injection vulnerability in its ESG email security product that is being exploited by state‑sponsored actors. Tracked as CVE-2025-59689 with a CVSS score of 6.1, the flaw is triggered by a malicious compressed attachment and can execute arbitrary commands as a non‑privileged user. Users should upgrade affected versions (4.5–5.5.x before 5.5.7) to the patched releases immediately.

🔒 GitHub is implementing stronger defenses for the npm ecosystem after recent supply-chain attacks that compromised repositories and spread to package registries. The platform will require 2FA for local publishing, shorten token lifetimes to seven days, deprecate classic tokens and TOTP in favor of FIDO/WebAuth, and promote trusted publishing. Changes will roll out gradually with documentation and migration guides to reduce disruption.

🔔 CISA released six Industrial Control Systems (ICS) advisories on September 23, 2025, providing timely information on security issues, vulnerabilities, and potential exploits across multiple product families. The advisories cover AutomationDirect CLICK PLUS, Mitsubishi Electric MELSEC‑Q Series CPU Module, Schneider Electric SESU, Viessmann Vitogate 300, and two updates for Hitachi Energy RTU500 Series. Users and administrators are urged to review each advisory for technical details and apply recommended mitigations promptly.

🔒 SonicWall has disclosed a security incident affecting its cloud backup service for firewalls, reporting that threat actors accessed stored preference files for roughly 5% of its install base. While credentials inside those files are encrypted, exposed metadata such as serial numbers could enable future targeting. SonicWall said this was not a ransomware event but a series of brute-force attempts. Impacted customers are asked to check MySonicWall, restrict WAN access, follow the vendor's remediation checklist, and import a supplied preferences file that randomizes local passwords and IPSec keys.

⚠️ Westermo disclosed an OS command injection vulnerability in WeOS 5 (CVE-2025-46418) affecting versions 5.24 and later. The flaw arises from unsafe handling of media definitions and can allow an authenticated administrator to inject OS commands and potentially exceed intended privileges. CVSS scores include 7.6 (v3.1) and 8.7 (v4). Vendor and CISA recommend restricting admin access, segmenting networks, and using secure remote access practices as mitigations.

🛡️ CISA released nine Industrial Control Systems (ICS) advisories on September 18, 2025, detailing vulnerabilities, exploits, and mitigations affecting multiple vendors and products. The advisories cover Westermo WeOS, Schneider Electric Saitel RTUs, Hitachi Energy Asset and Service Suites, Cognex In‑Sight devices, Dover Fueling Solutions ProGauge MagLink LX4 devices, plus updates for rail linking protocols and Mitsubishi FA engineering tools. Administrators and operators are urged to review the technical details and apply recommended mitigations promptly to reduce operational and safety risk.