CISA Adds 20 Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/24/cisa-adds-20-known-exploited-vulnerabilities-catalog CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow …

Mozilla Releases Security Products for Multiple Firefox Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/23/mozilla-releases-security-products-multiple-firefox-products Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.

ISC Releases Security Advisory for BIND

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/isc-releases-security-advisory-bind The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the ISC advisory for CVE-2022-1183 and apply the …

CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/cisa-releases-analysis-fy21-risk-and-vulnerability-assessments CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21). The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an …

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager. The CSA, AA22-138B: Threat Actors Chaining …

Threat Actors Exploiting F5 BIG IP CVE-2022-1388

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/threat-actors-exploiting-f5-big-ip-cve-2022-1388 CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the joint Cybersecurity Advisory Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 in response to active exploitation of CVE-2022-1388, which affects F5 Networks BIG-IP devices. The vulnerability allows an unauthenticated actor to gain control of affected systems via the management port …

Weak Security Controls and Practices Routinely Exploited for Initial Access

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/17/weak-security-controls-and-practices-routinely-exploited-initial The cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom have issued a joint Cybersecurity Advisory (CSA) on 10 routinely exploited weak security controls, poor configurations, and bad practices that allow malicious actors to compromise networks. While these poor practices may be common, organizations can …

Apple Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/17/apple-releases-security-updates-multiple-products Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited. CVE-2022-22675 affects watchOS, tvOS, and macOS Big Sur. …

Bulletin (SB22-136)

Vulnerability Summary for the Week of May 9, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-136 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin …