fbpx

State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/state-sponsored-russian-cyber-actors-targeted-energy-sector-2011 CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. The CSA highlights historical tactics, techniques, and procedures as well as mitigations Read more…

VMware Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/24/vmware-releases-security-updates VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0008 and apply the necessary updates.

Drupal Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/22/drupal-releases-security-updates Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-006 and apply the necessary update.

FBI and FinCEN Release Advisory on AvosLocker Ransomware

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/22/fbi-and-fincen-release-advisory-avoslocker-ransomware The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States Read more…

CRI-O Security Update for Kubernetes

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/18/cri-o-security-update-kubernetes CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages users and administrators to review the CRI-O Security Read more…

Drupal Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/drupal-releases-security-updates Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2022-05 and apply the necessary updates.

Strengthening Cybersecurity of SATCOM Network Providers and Customers

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/strengthening-cybersecurity-satcom-network-providers-and-customers CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments. In response, CISA and FBI have published joint Cybersecurity Advisory (CSA) Strengthening Cybersecurity of Read more…

OpenSSL Releases Security Updates

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/openssl-releases-security-updates OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version.

ISC Releases Security Advisories for BIND

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/isc-releases-security-advisories-bind The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review the following ISC advisories and apply the necessary Read more…