Month: March 2022

  • Mozilla Releases Security Updates for Multiple Products

    Original release date: March 7, 2022. Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates. This product is provided subject to this Notification and this…

  • Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

    Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.

  • NSA Releases Network Infrastructure Security Guidance

    Original release date: March 3, 2022. The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access…

  • CISA Adds 95 Known Exploited Vulnerabilities to Catalog

    Original release date: March 3, 2022. CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click…

  • TeaBot Trojan Haunts Google Play Store, Again

    Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.

  • Vulnerability Summary for the Week of February 21, 2022

    Original release date: February 28, 2022 | Last revised: March 1, 2022. High Vulnerabilities (table columns: Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info). First entry: airspan — mimosa_management_platform | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not…

  • RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!

    The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations.