Author: DEFENDEDGE

Original release date: October 21, 2022 CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector,… Read more

Original release date: October 21, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: This joint Cybersecurity… Read more

Original release date: October 21, 2022 Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.  CISA encourages users and administrators to… Read more

Original release date: October 17, 2022 | Last revised: October 18, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat_reader Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code… Read more

Original release date: October 14, 2022 CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s… Read more

Original release date: October 13, 2022 CISA has released twenty-five (25) Industrial Control Systems (ICS) advisories on October 13, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: •    ICSA-22-286-01 Siemens LOGO!… Read more

Original release date: October 11, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s October 2022 Security Update Summary and Deployment Information and apply the necessary updates.   This product is… Read more

Original release date: October 11, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info actian — psql If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen… Read more

Original release date: October 7, 2022 Title: FBI and CISA Publish a PSA on Information Manipulation Tactics for 2022 Midterm Elections   Content: The Federal Bureau of Investigation (FBI) and CISA have published a joint public service announcement that: Describes methods that foreign actors use to spread and amplify false information—including reports of alleged malicious cyber activity—in attempts… Read more

Original release date: October 6, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. PRC state-sponsored cyber actors continue to exploit known vulnerabilities… Read more