Author: DEFENDEDGE

  • CISA Releases Log4Shell-Related MAR

    Original release date: July 28, 2022 From May through June 2022, CISA responded to an organization that was compromised by an exploitation of an unpatched and unmitigated Log4Shell vulnerability in a VMware Horizon server. CISA analyzed five malware samples obtained from the organization’s network and released a Malware Analysis Report of the findings. Users and… Read more

  • Vulnerability Summary for the Week of July 18, 2022

    Original release date: July 26, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info infiray — iray-a8z3_firmware An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. 2022-07-17 10 CVE-2022-31209 MISC infiray — iray-a8z3_firmware… Read more

  • IoT Botnets Fuels DDoS Attacks – Are You Prepared?

    The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing. Read more

  • Oracle Releases July 2022 Critical Patch Update

    Original release date: July 20, 2022 | Last revised: July 21, 2022 Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the Oracle July… Read more

  • Internet of Things Targeted by Campaigns and Attacks of Opportunity

    ,

    Internet of Things Targeted by Campaigns and Attacks of Opportunity July 19, 2022  By Calvin Bryant   It should come as no surprise that an ever-expanding threat landscape brings with it an increased number of attack vectors for threat bad actors’ use and, subsequently, an inevitable increase in exploitation.  The Internet of Things (IoT) is a common… Read more

  • Vulnerability Summary for the Week of July 11, 2022

    Original release date: July 18, 2022 | Last revised: July 19, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info ceneo-web-scrapper_project — ceneo-web-scrapper The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. 2022-07-11 7.5 CVE-2022-31570 MISC clinic’s_patient_management_system_project —… Read more

  • CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

    Original release date: July 19, 2022 CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning system tracker. These vulnerabilities could impact access to… Read more

  • CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

    Original release date: July 18, 2022 CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report (MAR)-10382580-2. CISA and CGCYBER encourage users and administrators to… Read more

  • CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

    Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2. Read more

  • Juniper Networks Releases Security Updates for Multiple Products

    Original release date: July 14, 2022 Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.  This product is provided subject… Read more