Skip to content
CISA Page 40

CISA

CISA and Partners Release Asset Inventory Guidance to Strengthen Operational Technology Security

CISA and Partners Release Asset Inventory Guidance to Strengthen Operational Technology Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s… 

Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

Johnson Controls iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR, ULTRA G2 SE, iSTAR Edge G2 Vulnerabilities: OS Command… 

Yealink IP Phones and RPS (Redirect and Provisioning Service)

Yealink IP Phones and RPS (Redirect and Provisioning Service)

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yealink Equipment: IP Phones Vulnerability: Improper Restriction of Excessive Authentication Attempts, Allocation of Resources Without Limits or Throttling, Incorrect Authorization, Improper… 

CISA issues emergency directive requiring federal agencies to update systems to prevent Microsoft Exchange vulnerability

CISA issues emergency directive requiring federal agencies to update systems to prevent Microsoft Exchange vulnerability

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02 in response to a vulnerability that impacts hybrid Microsoft Exchange users. This post-authentication vulnerability allows a cyber threat actor with administrative access…