fbpx

March 2022

FBI Releases Indicators of Compromise for RagnarLocker Ransomware

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/fbi-releases-indicators-compromise-ragnarlocker-ransomware The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.

By Krypteia Group, ago

Adobe Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/adobe-releases-security-updates-multiple-products Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.  Photoshop APSB22-14  Illustrator APSB22-15  After Effects APSB22-17 

By Krypteia Group, ago

CISA Adds 11 Known Exploited Vulnerabilities to Catalog 

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisa-adds-11-known-exploited-vulnerabilities-catalog CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to Read more…

By Krypteia Group, ago

Mozilla Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/mozilla-releases-security-updates-multiple-products Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates.

By Krypteia Group, ago

CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisas-zero-trust-guidance-enterprise-mobility-available-public CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028:  Improving the Nation’s Read more…

By Krypteia Group, ago

Cisco Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco Security Advisories Read more…

By Krypteia Group, ago

NSA Releases Network Infrastructure Security Guidance

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls Read more…

By Krypteia Group, ago

CISA releases 3 Industrial Control Systems Advisories

CISA releases 3 Industrial Control Systems Advisories 3/3/2022 12:52 PM EST ICS-CERT released the following 3 advisories today, March 3, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities. BD Pyxis This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the BD Read more…

By Krypteia Group, ago

CISA Adds 95 Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/cisa-adds-95-known-exploited-vulnerabilities-catalog CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click Read more…

By Krypteia Group, ago

Google Releases Security Updates for Chrome

https://www.cisa.gov/uscert/ncas/current-activity/2022/02/15/google-releases-security-updates-chrome Google has released Chrome version 99.0.4844.51 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

By Krypteia Group, ago