Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system. Microsoft has reported active exploitation of this vulnerability in the Read more…

ICS Medical Advisory (ICSMA-22-151-01)

BD Pyxis https://www.cisa.gov/uscert/ics/advisories/icsma-22-151-01

1. EXECUTIVE SUMMARY
CVSS v3 8.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Becton, Dickinson and Company (BD)
Equipment: Pyxis
Vulnerability: Not Using Password Aging

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or other sensitive information.

3. TECHNICAL Read more…

ICS Medical Advisory (ICSMA-22-151-02)

BD Synapsys https://www.cisa.gov/uscert/ics/advisories/icsma-22-151-02

1. EXECUTIVE SUMMARY
CVSS v3 5.7
ATTENTION: Low attack complexity
Vendor: Becton, Dickinson and Company (BD)
Equipment: Synapsys
Vulnerability: Insufficient Session Expiration

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete sensitive information. This includes electronic protected health information (ePHI), protected health information Read more…

Bulletin (SB22-150)

Vulnerability Summary for the Week of May 23, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-150 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin Read more…

Chipmaker Broadcom Is Acquiring VMware For $61 Billion

https://www.forbes.com/sites/roberthart/2022/05/26/chipmaker-broadcom-is-acquiring-vmware-for-61-billion/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie&fbclid=IwAR3MTsVOxIK7gbPM73ywVW5hH6wLij8x0K8c0xaRiV3xPMM9vTyLxEMzyVQ&sh=48bf5670243f U.S. chipmaker Broadcom on Thursday announced a $61 billion deal to buy software firm VMware, marking one of the biggest tech deals of all time and a potentially massive windfall for computer billionaire Michael Dell, VMware’s largest shareholder.

KEY FACTS
Broadcom will buy VMware in a cash-and-stock deal, the company said. Read more…

CISA and DoD Release 5G Security Evaluation Process Investigation Study

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/cisa-and-dod-release-5g-security-evaluation-process-investigation CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, Read more…

Citrix Releases Security Updates for ADC and Gateway

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/citrix-releases-security-updates-adc-and-gateway Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.

Drupal Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/drupal-releases-security-updates Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. CISA encourages users and administrators to Read more…

Google Releases Security Updates for Chrome

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/google-releases-security-updates-chrome Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

CISA Adds 34 Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the Read more…