![]() ![]() |
Security InformationThis page is dedicated to security, it includes local security information, as well as a number of syndicated security feeds, alerts, tools and news from major security portals. This page aims to provide a single security information access point, helping you stay current with recent security threats. You can check the SG Security FAQ and visit the SG Security forum with any questions you might have. SG Security ScanThe SG Security Scan is a great tool that tests a number of ports on your computer for the most common vulnerabilities.![]() ![]() ![]() ![]()
SG Security Articles![]() ![]() ![]() ![]() ![]() ![]() ![]() Latest Security Advisories (US-CERT)CISA Releases Seven Industrial Control Systems Advisories (2024.07.02) CISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. CISA Adds One Known Exploited Vulnerability to Catalog (2024.07.02) CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. Juniper Networks Releases Security Bulletin for Junos OS SRX Series (2024.07.02) Juniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. Users and administrators are encouraged to review the following and apply the necessary updates: Progress Software Releases Security Bulletin for MOVEit Transfer (2024.06.28) Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: CISA Releases Seven Industrial Control Systems Advisories (2024.06.27) CISA released seven Industrial Control Systems (ICS) advisories on June 27, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. CISA Adds Three Known Exploited Vulnerabilities to Catalog (2024.06.26) CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects (2024.06.26) Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorates Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS). This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source communityincluding the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages. CISA encourages all organizations and software manufacturers to review the methodology and results found in the guidance to:
To learn more about taking a top-down approach to developing secure products, visit CISAs Secure by Design webpage. CISA Releases Two Industrial Control Systems Advisories (2024.06.25) CISA released two Industrial Control Systems (ICS) advisories on June 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.
|
Recent News
|