fbpx

Mozilla Releases Security Updates for Firefox and Firefox ESR

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/mozilla-releases-security-updates-firefox-and-firefox-esr Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Mozilla security advisories for Firefox 98 and Firefox ESR 91.7 and apply the necessary updates.

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/cisa-releases-security-advisory-ptc-axeda-agent-and-desktop-server CISA has released an Industrial Controls Systems Advisory (ICSA), detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change configuration, file system read access, log information access, or a denial-of-service condition. CISA Read more…

FBI Releases Indicators of Compromise for RagnarLocker Ransomware

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/fbi-releases-indicators-compromise-ragnarlocker-ransomware The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.

Adobe Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/08/adobe-releases-security-updates-multiple-products Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.  Photoshop APSB22-14  Illustrator APSB22-15  After Effects APSB22-17 

CISA Adds 11 Known Exploited Vulnerabilities to Catalog 

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisa-adds-11-known-exploited-vulnerabilities-catalog CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to Read more…

Mozilla Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/mozilla-releases-security-updates-multiple-products Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates.

CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/07/cisas-zero-trust-guidance-enterprise-mobility-available-public CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028:  Improving the Nation’s Read more…

Cisco Releases Security Updates for Multiple Products

https://www.cisa.gov/uscert/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review the following Cisco Security Advisories Read more…

NSA Releases Network Infrastructure Security Guidance

https://www.cisa.gov/uscert/ncas/current-activity/2022/03/03/nsa-releases-network-infrastructure-security-guidance The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls Read more…

CISA releases 3 Industrial Control Systems Advisories

CISA releases 3 Industrial Control Systems Advisories 3/3/2022 12:52 PM EST ICS-CERT released the following 3 advisories today, March 3, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities. BD Pyxis This advisory contains mitigations for a Use of Hard-coded Credentials vulnerability in the BD Read more…