Author: DEFENDEDGE
-
Vulnerability Summary for the Week of December 18, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP… Read more
-
#StopRansomware: ALPHV Blackcat
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov… Read more
-
Vulnerability Summary for the Week of December 11, 2023
-
Example Quiz
-
FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware
Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as… Read more
-
#StopRansomware: Play Ransomware
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov… Read more
-
CISA Releases Advisory on Cyber Resilience for the HPH Sector
Today, CISA released a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, that details findings from our risk and vulnerability assessments of a Health and Public Health (HPH) Sector organization. CISA encourages all critical infrastructure organizations as well as software manufacturers to review the advisory and… Read more
-
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment
SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one week spent on external testing… Read more
-
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords
Today, CISA published guidance on How Manufacturers Can Protect Customers by Eliminating Default Passwords as a part of our new Secure by Design (SbD) Alert series. This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation by implementing principles one and three of the joint guidance, Shifting the Balance of… Read more
-
FortiGuard Releases Security Updates for Multiple Products
FortiGuard has released security updates to address vulnerabilities in multiple FortiGuard products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: FG-IR-23-196: Double free in cache management FG-IR-22-038: FortiMail, FortiNDR, FortiRecorder, FortiSwitch, FortiVoice… Read more