Current security issues, vulnerabilities, and exploits

  • CISA Announces Vulnerability Disclosure Policy (VDP) Platform
    on July 30, 2021

    Original release date: July 30, 2021

    CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a single, centrally managed website that agencies can leverage as the primary point of entry for intaking, triaging, and routing vulnerabilities disclosed by researchers. It enables researchers and members of the general public to find vulnerabilities in agency websites and submit reports for analysis. This new platform allows agencies to gain greater insights into potential vulnerabilities, which will improve their cybersecurity posture. This approach also means agencies no longer need to develop separate systems to enable vulnerability reporting and triage of identified vulnerabilities, providing government-wide cost savings that CISA estimates at over $10 million. For more details, see the blog post by CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein. This product is provided subject to this Notification and this Privacy & Use policy.

  • NSA Releases Guidance on Securing Wireless Devices While in Public
    on July 30, 2021

    Original release date: July 30, 2021

    The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the general public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against them. CISA encourages organization leaders, administrators, and users to review NSA’s guidance on Securing Wireless Devices in Public Settings and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting devices and data.

  • Top Routinely Exploited Vulnerabilities
    on July 28, 2021

    Original release date: July 28, 2021

    CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by malicious actors in 2020 and those being widely exploited thus far in 2021. CISA encourages users and administrators to review the Joint Cybersecurity Advisory for information on assessing and remediating vulnerabilities as quickly as possible to reduce the risk of exploitation.

  • CISA Releases Security Advisory for Geutebruck Devices
    on July 27, 2021

    Original release date: July 27, 2021

    CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in multiple Geutebruck G-CAM E2 series devices and Encoder G-Code versions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the ICS Advisory ICSA-21-208-03 Geutebruck G-Cam E2 and G-Code and apply the necessary updates and workarounds.

  • Apple Releases Security Updates
    on July 27, 2021

    Original release date: July 27, 2021

    Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates: macOS Big Sur 11.5.1; iOS 14.7.1 and iPadOS 14.7.1.

  • Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks
    on July 27, 2021

    Original release date: July 27, 2021

    On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address an NTLM relay attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations.

  • Cisco Releases Security Updates
    on July 22, 2021

    Original release date: July 22, 2021

    Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates.