fbpx

Spring Releases Security Updates Addressing “Spring4Shell” and Spring Cloud Function Vulnerabilities

https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/spring-releases-security-updates-addressing-spring4shell-and Spring by VMWare has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could exploit these vulnerabilities to take control of an Read more…

Apple Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/apple-releases-security-updates-0 Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the security update page for Read more…

CISA Releases Security Advisories for Rockwell Automation Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/31/cisa-releases-security-advisories-rockwell-automation-products CISA has released two Industrial Controls Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on affected system.  CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information and to Read more…

FBI Releases PIN on Ransomware Straining Local Governments and Public Services

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/31/fbi-releases-pin-ransomware-straining-local-governments-and-public The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. CISA encourages local government officials Read more…

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/31/cisa-adds-eight-known-exploited-vulnerabilities-catalog CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, Read more…

FBI Releases PIN on Phishing Campaign against U.S. Election Officials

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/30/fbi-releases-pin-phishing-campaign-against-us-election-officials The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to warn U.S. election and other state and local government officials about invoice-themed phishing emails that could be used to harvest officials’ login credentials.  CISA encourages federal, state, and local government officials to review FBI PIN: Read more…

Google Releases Security Updates for Chrome

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/30/google-releases-security-updates-chrome Google has released Chrome version 100.0.4896.60 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.  CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

Mitigating Attacks Against Uninterruptable Power Supply Devices

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/29/mitigating-attacks-against-uninterruptable-power-supply-devices CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when Read more…

Google Releases Security Updates for Chrome

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/28/google-releases-security-updates-chrome Google has released Chrome version 99.0.4844.84 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. 

Shields Health Care Group became aware of suspicious activity on its network

Shields Health Care Group, Inc. (“Shields”) recently became aware of suspicious activity on its network.  Shields provides management and imaging services on behalf of the health care facilities (“Facility Partners”) listed below.  With the assistance of third-party forensic specialists, we took immediate steps to contain the incident and to investigate Read more…