Vulnerability Summary for the Week of May 2, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-129 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin Read more…
https://www.bleepingcomputer.com/news/security/lincoln-college-to-close-after-157-years-due-ransomware-attack/ Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack.
Cisco has released security updates to address multiple vulnerabilities in Enterprise NFV Infrastructure Software. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Cisco advisory cisco-sa-NFVIS-MUL-7DySRX9 and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/04/f5-releases-security-advisories-addressing-multiple F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system. CISA encourages Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/04/mozilla-releases-security-updates-firefox-firefox-esr-and Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 100, Firefox ESR 91.9, and Thunderbird 91.9 and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/04/cisa-adds-five-known-exploited-vulnerabilities-catalog CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click Read more…
Yokogawa CENTUM and ProSafe-RS https://www.cisa.gov/uscert/ics/advisories/icsa-22-123-01 Successful exploitation of these vulnerabilities may allow leakage/tampering of data, cause a denial-of-service condition, or allow a local attacker to execute arbitrary program
What is Spear Phishing? Don’t let the terminology confuse you– spear phishing is not the act of hunting for fish in the ocean, it’s a specific type of phishing attack where cyber criminals use detailed personal information to attack a specific individual or organization. This typically happens through email with the goal of Read more…
Vulnerability Summary for the Week of April 25, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-122 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin Read more…
Data shows that wire fraud risk remained at heightened levels in Q1 2022 The Cybersecurity and Infrastructure Security Agency (CISA) and the Biden Administration have issued a “Shields Up” warning to U.S. businesses regarding the increased threat of cyberattacks related to Russia’s invasion of Ukraine earlier this year. “Evolving intelligence indicates that Read more…