https://www.cisa.gov/uscert/ncas/current-activity/2022/03/22/drupal-releases-security-updates Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-006 and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/22/fbi-and-fincen-release-advisory-avoslocker-ransomware The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/18/cri-o-security-update-kubernetes CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages users and administrators to review the CRI-O Security Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/drupal-releases-security-updates Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2022-05 and apply the necessary updates.
If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us. Russia’s disconnection from the online services of the West has been as abrupt and complete as its disconnection from real-world global trade routes. Facebook has been blocked Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/strengthening-cybersecurity-satcom-network-providers-and-customers CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments. In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/openssl-releases-security-updates OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version.
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/isc-releases-security-advisories-bind The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/16/apple-releases-security-updates-multiple-products Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security page and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/03/16/google-releases-security-updates-chrome Google has released Chrome version 99.0.4844.74 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.