Author: DEFENDEDGE

  • Updated: Conti Ransomware

    Original release date: March 9, 2022. CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active, and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000. CISA,…

  • Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday

    The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.

  • SAP Releases March 2022 Security Updates

    Original release date: March 8, 2022. SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for March 2022 and apply the necessary updates. This product is provided subject…

  • Microsoft Releases March 2022 Security Updates

    Original release date: March 8, 2022. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and Deployment Information and apply the necessary updates. …

  • The Uncertain Future of IT Automation

    While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.

  • FBI Releases Indicators of Compromise for RagnarLocker Ransomware

    Original release date: March 8, 2022. The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.…

  • Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure

    The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.

  • Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

    A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.

  • Vulnerability Summary for the Week of February 28, 2022

    Original release date: March 7, 2022

    High Vulnerabilities

    Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
    jetbrains — teamcity | In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. | 2022-02-25 | 7.5 | CVE-2022-24331 MISC MISC
    jetbrains — teamcity | In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file…

  • Novel Attack Turns Amazon Devices Against Themselves

    Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.