CISA advisors Jack Cable and æva black describe in our latest blog how we are responding to the XZ Utils compromise and how every tech manufacturer should take a #SecureByDesign approach to securing open source software: go.dhs.gov/JHf

🚩Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0 & 11.1. Apply workarounds asap 👉 cisa.gov/news-events/al…

#Citrix released security updates to address vulnerabilities in XenServer and Citrix Hypervisor. Review the advisory & update accordingly👉 cisa.gov/news-events/al… #Cybersecurity #InfoSec

#Juniper released security advisories to address multiple vulnerabilities in Junos OS, Junos OS Evolved, Paragon Active Assurance & Junos OS: EX4300 Series. Review & apply updates at cisa.gov/news-events/al… #Cybersecurity #InfoSec

🛡️ Palo Alto Networks PAN-OS users: We added #CVE -2024-3400, a command injection vulnerability in GlobalProtect Gateway, to our Known Exploited Vulnerabilities Catalog. Apply mitigations to protect your org from cyberattacks. go.dhs.gov/Z3Q #Cybersecurity #InfoSec

🛡️D-Link users: We added #CVE -2024-3272 & CVE-2024-3273 to our Known Exploited Vulnerabilities Catalog. Visit go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

🚨 Russian state-sponsored cyber actor, Midnight Blizzard, breached Microsoft email accounts, accessing correspondence with FCEB agencies. Initially issued to agencies last week, Emergency Directive (ED) 24-02 outlines crucial steps to address this breach. go.dhs.gov/JHo

Threat actors like PRC-linked #VoltTyphoon tailor their #TTPs to blend in with the target environment & lack discrete #IOCs when targeting critical infrastructure networks. Employ behavioral-based detection strategies to identify anomalous behavior. More go.dhs.gov/Jfe

⚠️Cybersecurity and Infrastructure Security Agency issued 9 NEW public #ICS advisories. These advisories provide info about current security issues, vulnerabilities, & exploits surrounding ICS. More at cisa.gov/news-events/al…

💡 #ICYMI Explore our High-Risk Communities webpage for critical cybersecurity resources. Communities, like civil society orgs, are vital in advancing democratic & humanitarian causes, but they're also prime targets for cyber threats. go.dhs.gov/Jaa

⚠️ We are collaborating with partners to respond to a recent compromise—discovered by independent security researchers—impacting Sisense. For more info, check out: cisa.gov/news-events/al…

Websites ending in .gov provide reliable information you can trust. Only U.S. government organizations can get a .gov site. Election officials and others can learn more at go.dhs.gov/JzC

#Microsoft released security updates to address vulnerabilities in multiple products. Read more at cisa.gov/news-events/al… #Cybersecurity #InfoSec #PatchTuesday

#Adobe released security updates to address vulnerabilities in multiple products including #AfterEffects , #Photoshop , and #InDesign . Users are encouraged to read more and apply updates 👉 cisa.gov/news-events/al… #Cybersecurity #InfoSec #PatchTuesday

#Fortinet released security updates to address vulnerabilities in multiple Fortinet products. Users & admins are encouraged to review & apply updates. More 👉 cisa.gov/news-events/al… #Cybersecurity #InfoSec #PatchTuesday

⚠️Cybersecurity and Infrastructure Security Agency issued one NEW public #ICS advisory. This advisory provides info about current security issues, vulnerabilities, & exploits surrounding ICS. More at cisa.gov/news-events/al…

Cyber threat actors like PRC-sponsored #VoltTyphoon actively seek to exploit U.S. critical infrastructure networks. Be prepared: implement logging, establish & maintain your baseline, and review logs & compare them to your baseline. Learn more at go.dhs.gov/Jfe.

🛡️ #AndroidPixel users: We added #CVE -2024-29745 & CVE-2024-29748 to our Known Exploited Vulnerabilities Catalog. Visit go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec