https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/citrix-releases-security-updates-adc-and-gateway Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/26/drupal-releases-security-updates Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. CISA encourages users Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/google-releases-security-updates-chrome Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/25/cisa-adds-34-known-exploited-vulnerabilities-catalog CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, Read more…
Vulnerability Summary for the Week of May 16, 2022 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/24/cisa-adds-20-known-exploited-vulnerabilities-catalog CISA has added 20 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/23/mozilla-releases-security-products-multiple-firefox-products Mozilla has released security updates to address vulnerabilities in Firefox 100.0.2, Firefox for Android 100.3.0, and Firefox ESR 91.9.1. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-19 and apply the necessary updates.
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/isc-releases-security-advisory-bind The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the ISC advisory for Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/19/cisa-releases-analysis-fy21-risk-and-vulnerability-assessments CISA has released an analysis and infographic detailing the findings from the 112 Risk and Vulnerability Assessments (RVAs) conducted across multiple sectors in Fiscal Year 2021 (FY21). The analysis details a sample attack path comprising 11 successive tactics, or steps, a cyber threat actor could take Read more…
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager. The CSA, AA22-138B: Read more…
Coming soon!