Month: October 2022

Original release date: October 13, 2022 CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-286-01 Siemens LOGO!… Read more

Original release date: October 11, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.   This product is… Read more

Original release date: October 11, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info actian — psql If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen… Read more

Original release date: October 7, 2022 Title: FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections   Content: The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that: Describes methods that foreign actors use to spread and amplify false information—including reports of alleged malicious cyber activity—in attempts… Read more

Original release date: October 6, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. PRC state-sponsored cyber actors continue to exploit known vulnerabilities… Read more

Original release date: October 6, 2022 Summary This joint Cybersecurity Advisory (CSA) provides the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). PRC state-sponsored cyber… Read more

Original release date: October 6, 2022 CISA released two (2) Industrial Control Systems (ICS) advisories on October 06, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-279-01 Rockwell Automation FactoryTalk VantagePoint… Read more

Original release date: October 3, 2022 | Last revised: October 5, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acer — altos_t110_f3 There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could… Read more

Original release date: October 5, 2022 The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that: Assesses malicious cyber activity aiming to compromise election infrastructure is unlikely to result in large-scale disruptions or prevent voting. Confirms “the FBI and CISA have no reporting to suggest cyber activity has ever prevented a registered… Read more

Original release date: October 4, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s… Read more