Author: DEFENDEDGE
-
CISA Adds 10 Known Exploited Vulnerabilities to Catalog
Original release date: April 13, 2022 CISA has added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,…
-
ICSJWG Spring 2022 Virtual Meeting
Original release date: April 13, 2022 The Industrial Control Systems Joint Working Group (ICSJWG) will hold its Spring 2022 Virtual Meeting April 26–27. ICSJWG meetings facilitate relationship building among critical infrastructure stakeholders and owners/operators of industrial control systems, idea exchanges regarding critical issues affecting industrial control systems (ICS) cybersecurity, and information sharing to reduce the…
-
Apache Releases Security Advisory for Struts 2
Original release date: April 12, 2022 The Apache Software Foundation has released a security advisory to address a vulnerability in Struts in the version range 2.0.0 to 2.5.29. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Apache’s security advisory S2-062 and upgrade to…
-
Citrix Releases Security Updates for SD-WAN Products
Original release date: April 12, 2022 Citrix has released security updates to address vulnerabilities in multiple SD-WAN products. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX370550 and apply the necessary updates.
-
Microsoft Releases April 2022 Security Updates
Original release date: April 12, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2022 Security Update Summary and Deployment Information and apply the necessary updates.
-
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
-
Vulnerability Summary for the Week of April 4, 2022
Original release date: April 11, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info escanav — escan_anti-virus A local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to the “runasroot” command. This vulnerability can…
-
Guidance on Sharing Cyber Incident Information
Original release date: April 7, 2022 CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity. CISA uses this information from partners to build a common understanding of how adversaries are…
-
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.
-
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Original release date: April 6, 2022 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,…