fbpx

Citrix Releases Security Updates for ADC and Gateway

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/citrix-releases-security-updates-adc-and-gateway Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.

Drupal Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/drupal-releases-security-updates Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. CISA encourages users and administrators to Read more…

Google Releases Security Updates for Chrome

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/google-releases-security-updates-chrome Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.  CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

CISA Adds 34 Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the Read more…

CISA Adds 20 Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/24/cisa-adds-20-known-exploited-vulnerabilities-catalog CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow Read more…

Mozilla Releases Security Products for Multiple Firefox Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/23/mozilla-releases-security-products-multiple-firefox-products Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.

ISC Releases Security Advisory for BIND

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/isc-releases-security-advisory-bind The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the ISC advisory for CVE-2022-1183 and apply the Read more…

CISA Releases Analysis of FY21 Risk and Vulnerability Assessments

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/cisa-releases-analysis-fy21-risk-and-vulnerability-assessments CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21).  The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take to compromise an Read more…

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager. The CSA, AA22-138B: Threat Actors Chaining Read more…