Author: DEFENDEDGE

Original release date: April 18, 2022 | Last revised: April 19, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info dell — emc_unity_operating_environment Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the… Read more

Exploring what’s next for public-cloud security, including top risks and how to implement better risk management. Read more

Original release date: April 18, 2022 | Last revised: April 19, 2022 CISA has released draft versions of two guidance documents—along with a request for comment (RFC)—that are a part of the recently launched Secure Cloud Business Applications (SCuBA) project: Secure Cloud Business Applications (SCuBA) Technical Reference Architecture (TRA)  Extensible Visibility Reference Framework (eVRF) Program… Read more

Original release date: April 18, 2022 CISA,  the Federal Bureau of Investigation (FBI), and the U.S. Treasury Department have released a joint Cybersecurity Advisory (CSA) that details cyber threats associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) actor known as the Lazarus Group.   CISA encourages organizations to… Read more

Original release date: April 18, 2022 Summary Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the… Read more

Fortinet’s Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams. Read more

Original release date: April 15, 2022 VMware has released security updates to address a remote code execution vulnerability in Cloud Director. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0013 and apply the necessary updates. This product is provided subject to… Read more

Original release date: April 13, 2022 Microsoft has released an advisory to address CVE-2022-26809, a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.  CISA encourages users and administrators to review Microsoft’s advisory and apply the recommended mitigations. This product is… Read more

Original release date: April 13, 2022 CISA, the Department of Energy (DOE), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), warning that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control… Read more

Original release date: April 13, 2022 Summary Actions to Take Today to Protect ICS/SCADA Devices: • Enforce multifactor authentication for all remote access to ICS networks and devices whenever possible. • Change all passwords to ICS/SCADA devices and systems on a consistent schedule, especially all default passwords, to device-unique strong passwords to mitigate password brute… Read more