Author: DEFENDEDGE

  • Vulnerability Summary for the Week of April 18, 2022

    Original release date: April 25, 2022 | Last revised: April 26, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. 2022-04-15 10 CVE-2022-26809 N/A microsoft — windows_10 Remote Procedure… Read more

  • Firms Push for CVE-Like Cloud Bug System

    Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. Read more

  • CISA Adds Seven Known Exploited Vulnerabilities to Catalog

    Original release date: April 25, 2022 CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,… Read more

  • FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware

    Original release date: April 22, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommend… Read more

  • Zero-Trust For All: A Practical Guide

    How to use zero-trust architecture effectively in today’s modern cloud-dependent infrastructures. Read more

  • Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

    Original release date: April 20, 2022 The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory (CSA) to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity from Russian state-sponsored cyber actors or… Read more

  • AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure

    Original release date: April 20, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide end-user awareness and training. The cybersecurity… Read more

  • Most Email Security Approaches Fail to Block Common Threats

    A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs. Read more

  • Google: 2021 was a Banner Year for Exploited 0-Day Bugs

    Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes. Read more

  • Oracle Releases April 2022 Critical Patch Update

    Original release date: April 19, 2022 Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Oracle April 2022 Critical Patch Update and apply the… Read more