Author: DEFENDEDGE
-
Best Practices for Event Logging and Threat Detection
Executive Summary This publication defines a baseline for event logging best practices to mitigate cyber threats. It was developed by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) in cooperation with the following international partners: United States (US) Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the National… Read more
-
Vulnerability Summary for the Week of August 12, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10Web Form Builder Team–Form Maker by 10Web Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.… Read more
-
Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager
Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM). A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface and follow industry best practices by adhering to Ivanti’s network configuration… Read more
-
CISA Adds Six Known Exploited Vulnerabilities to Catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 Microsoft Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38213 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-38193 Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability CVE-2024-38106 Microsoft Windows Kernel Privilege Escalation Vulnerability CVE-2024-38107 Microsoft Windows… Read more
-
CISA Releases Ten Industrial Control Systems Advisories
CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-226-01 AVEVA SuiteLink Server ICSA-24-226-02 Rockwell Automation AADvance Standalone OPC-DA Server ICSA-24-226-03 Rockwell Automation GuardLogix/ControlLogix 5580 Controller ICSA-24-226-04 Rockwell Automation Pavilion8 ICSA-24-226-05 Rockwell Automation DataMosaix Private Cloud ICSA-24-226-06 Rockwell… Read more
-
Vulnerability Summary for the Week of August 5, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–Slider by 10Web Responsive Image Slider The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user… Read more
-
Best Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install and review NSA’s Smart Install Protocol Misuse advisory and Network Infrastructure Security Guide for configuration guidance. CISA also continues… Read more
-
Royal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with BlackSuit and legacy Royal activity. FBI investigations identified these… Read more
-
Vulnerability Summary for the Week of July 29, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Apache Software Foundation–Apache SeaTunnel Web Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue… Read more
-
Understanding 2FA vs MFA: A Layered Approach to Cybersecurity
In today’s digital landscape, ensuring robust security measures is paramount. With the ever-increasing sophistication of cyber threats, businesses and individuals alike must adopt rigorous authentication protocols. Two primary methods that stand out are Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA). While they are often used interchangeably, understanding their nuances is crucial for implementing the most… Read more