Author: DEFENDEDGE

Original release date: March 7, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331 MISC MISC jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file… Read more

Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. Read more

Original release date: March 7, 2022 CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028:  Improving the Nation’s… Read more

Original release date: March 7, 2022 CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more

Original release date: March 7, 2022 CISA has added eleven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more

Original release date: March 7, 2022 Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates. This product is provided subject to this Notification and this… Read more

Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser. Read more

Original release date: March 3, 2022 The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access… Read more

Original release date: March 3, 2022 CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click… Read more

Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. Read more