Home » Security Information

Security Information

This page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have.

SG Security Scan

SG Security Articles

Latest Security Advisories (US-CERT)

CISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-184-01 Johnson Controls Kantech Door Controllers
• ICSA-24-184-02 mySCADA myPRO
• ICSA-24-184-03 ICONICS and Mitsubishi Electric Products
• ICSA-24-179-04 Johnson Controls Illustra Essentials Gen 4 (Update A)
• ICSA-24-179-05 Johnson Controls Illustra Essentials Gen 4 (Update A)
• ICSA-24-179-06 Johnson Controls Illustra Essentials Gen 4 (Update A)
• ICSA-24-179-07 Johnson Controls Illustra Essentials Gen 4 (Update A)

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Juniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. 

Users and administrators are encouraged to review the following and apply the necessary updates:

• JSA83195 Juniper Security Bulletin

Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the following bulletin and apply the necessary updates:

• MOVEit Transfer Critical Security Alert Bulletin June 2024 (CVE-2024-5806)

CISA released seven Industrial Control Systems (ICS) advisories on June 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-179-01 TELSAT marKoni FM Transmitter
• ICSA-24-179-02 SDG Technologies PnPSCADA
• ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server
• ICSA-24-179-04 Johnson Controls Illustra Essentials Gen 4
• ICSA-24-179-05 Johnson Controls Illustra Essentials Gen 4
• ICSA-24-179-06 Johnson Controls Illustra Essentials Gen 4
• ICSA-24-179-07 Johnson Controls Illustra Essentials Gen 4

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
• CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
• CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorates Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS).

This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source communityincluding the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages.

CISA encourages all organizations and software manufacturers to review the methodology and results found in the guidance to:

• Reduce memory safety vulnerabilities;
• Make secure and informed choices;
• Understand the memory-unsafety risk in OSS;
• Evaluate approaches to reducing this risk; and
• Continue efforts to drive risk-reducing action by software manufacturers.

To learn more about taking a top-down approach to developing secure products, visit CISAs Secure by Design webpage.

CISA released two Industrial Control Systems (ICS) advisories on June 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-24-177-01 ABB Ability System 800xA
• ICSA-24-177-02 PTC Creo Elements/Direct License Server

CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.