CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal Read more…
Google has released Chrome version 98.0.4758.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities has been detected in exploits in the wild. CISA encourages users and administrators to review the Chrome Release Note and apply Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/15/fbi-and-usss-release-advisory-blackbyte-ransomware The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware. BlackByte is a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers. CISA encourages organizations to review Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/14/adobe-releases-security-updates-commerce-and-magento-open-source Adobe has released security updates to address a vulnerability affecting Adobe Commerce and Magento Open Source. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to review Adobe Security Bulletin APSB22-12 and apply the Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/09/2021-trends-show-increased-globalized-threat-ransomware CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021. This CSA Read more…
Critical vulnerabilities affecting SAP applications employing internet communication manager (ICM). They help manage critical processes..
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/14/adobe-releases-security-updates-multiple-products#:~:text=Adobe%20has%20released%20security%20updates,and%20apply%20the%20necessary%20updates. Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Premiere Rush APSB22-06 Illustrator APSB22-07 Photoshop APSB22-08 After Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2021/09/09/citrix-releases-security-updates-hypervisor Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX337526 and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/mozilla-releases-security-updates-firefox-firefox-esr-and#:~:text=Mozilla%20Releases%20Security%20Updates%20for%20Firefox%2C%20Firefox%20ESR%2C%20and%20Thunderbird,-Original%20release%20date&text=Mozilla%20has%20released%20security%20updates,control%20of%20an%20affected%20system. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 97 and Firefox ESR 91.6 and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/07/fbi-releases-indicators-compromise-associated-lockbit-20 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation. CISA encourages users and administrators to review the IOCs and Read more…