Author: DEFENDEDGE

  • Vulnerability Summary for the Week of March 28, 2022

    Original release date: April 4, 2022. High Vulnerabilities table (Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info): genians — genian_nac: A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM…

  • Apple Releases Security Updates

    Original release date: April 1, 2022. Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the security update page for…

  • Spring Releases Security Updates Addressing “Spring4Shell” and Spring Cloud Function Vulnerabilities

    Original release date: April 1, 2022. Spring has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963, as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could exploit these vulnerabilities to take control of an affected system.…

  • CERT/CC Releases Information on Spring4Shell Vulnerability

    Original release date: April 1, 2022. The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2022-22965), known as “Spring4Shell,” affecting Spring Framework, a Java framework for building applications, including web applications. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the…

  • Apple Rushes Out Patches for 0-Days in MacOS, iOS

    The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploitation.

  • CISA Releases Security Advisories for Rockwell Automation Products

    Original release date: March 31, 2022. CISA has released two Industrial Control Systems Advisories (ICSAs) detailing vulnerabilities in Rockwell Automation products. An attacker could exploit these vulnerabilities to inject code on an affected system. CISA encourages users and administrators to review ICSA-22-090-05: Rockwell Automation Logix Controllers and ICSA-22-090-07: Rockwell Automation Studio 5000 Logix Designer for more information…

  • FBI Releases PIN on Ransomware Straining Local Governments and Public Services

    Original release date: March 31, 2022. The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, and financial losses. CISA encourages local government officials…

  • Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn

    A bug in Honda vehicles is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.

  • QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

    QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.

  • Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn

    The so-called ‘Spring4Shell’ bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.