MITRE ATT&CK & CISA CVE Mapping
I have a connection established with CISA's CVE JSON and MITRE ATT&CK's TAXII API. But how do I map them together?
https://wadebach.blackcatwhitehatsecurity.com/blog.cfm#cvemapping
#Blog #MITRE #ATTACK #CISA #CVE #Mapping #programming
#Cisa
CISA Releases Four Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2025/07/03/cisa-releases-four-industrial-control-systems-advisories #CISA #cybersecurity #infosec
ESET: How government cyber cuts will affect you and your business https://www.welivesecurity.com/en/business-security/how-government-cyber-cuts-will-affect-you-and-your-business/ @ESETresearch #cybersecurity #infosec #CISA
746 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 23, 2025
https://www.cisa.gov/news-events/bulletins/sb25-181
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
#CISA has added CVE-2025-6554 to their exploited list.
Google Chromium V8 Type Confusion Vulnerability:
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CISA has added to the KEV catalogue.
- CVE-2025-6554: Google Chromium V8 Type Confusion Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6554 #CISA #Google #cybersecurity #infosec
U.S. #CISA adds #TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/179542/hacking/u-s-cisa-adds-telemessage-tm-sgnl-flaws-to-its-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
CISA has added to the KEV catalogue:
- CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48927
- CVE-2025-48928: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-48928
From yesterday:
- CVE-2025-6543: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability https://www.cve.org/CVERecord?id=CVE-2025-6543 #CISA #cybersecurity #infosec
#CISA has added CVE-2025-48927 to their exploited list.
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability:
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI.
#CISA has added CVE-2025-48928 to their exploited list.
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability:
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
#CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure
https://securityaffairs.com/179484/hacking/cisa-and-u-s-agencies-warn-of-ongoing-iranian-cyber-threats-to-critical-infrastructure.html
#securityaffairs #hacking #Iran
「イランによる米国の重要インフラに対する潜在的な標的型サイバー活動に関するCISA、FBI、DC3、NSAの共同声明 」: #CISA
「イランの国家が支援または関与する脅威アクターは、パッチ未適用または古いソフトウェアの既知の脆弱性を悪用し、デフォルトまたは脆弱なパスワードを使用しているインターネット接続アカウントやデバイスを侵害し、ランサムウェアの関連会社と協力して機密情報を暗号化、盗難、漏洩するなど、さまざまな標的型サイバー活動を行っていることが知られています。
現時点では、米国においてイランに起因すると考えられる悪意のあるサイバー活動の組織的なキャンペーンの兆候は確認されていません。しかしながら、重要インフラ組織の皆様には、米国のデバイスやネットワークを標的とする可能性のあるイラン系サイバーアクターへの警戒を怠らないよう強くお願いいたします。」
#CISA has added CVE-2025-6543 to their exploited list.
Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability:
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
1,054 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of June 16, 2025
https://www.cisa.gov/news-events/bulletins/sb25-174
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
The latest joint guidance from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) elevates memory-safe languages such as Rust, Go, Java, Python, and C# from “best practice” to a national-security baseline.
https://forum.hashpwn.net/post/677
#cybersecurity #memorysafety #programming #nsa #cisa #hashpwn #news
CISA: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest https://www.cisa.gov/resources-tools/resources/iranian-cyber-actors-may-target-vulnerable-us-networks-and-entities-interest #CISA #cybersecurity #infosec
NSA and CISA urge shift to languages improving memory safety https://www.developer-tech.com/news/nsa-and-cisa-urge-shift-languages-improving-memory-safety/ #nsa #cisa #developers #cybersecurity #infosec #hacking #coding #programming #security #tech #news #technology
Man, this seems really bad.
But at least our government isn’t pulling back on the #cybersecurity we need to protect this information!
Whew!
https://www.npr.org/2025/06/29/nx-s1-5409608/citizenship-trump-privacy-voting-database
CISA Catalog of Known Exploited Vulnerabilities
Choose your products that to compare to current CVEs. The list is generated from current CVEs. Download them or create a custom GRC plan.
https://blackcatwhitehatsecurity.com/cveProducts.cfm
#CISA #Catalog #Known #Exploited #Vulnerabilities #technology
📢 CISA et NSA publient un guide pour renforcer la sécurité des logiciels grâce aux langages sûrs pour la mémoire
📝 L'article publié par CISA en collaboration ave...
📖 cyberveille : https://cyberveille.ch/posts/2025-06-27-cisa-et-nsa-publient-un-guide-pour-renforcer-la-securite-des-logiciels-grace-aux-langages-surs-pour-la-memoire/
🌐 source : https://www.cisa.gov/news-events/alerts/2025/06/24/new-guidance-released-reducing-memory-related-vulnerabilities
#CISA #NSA #Cyberveille
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst