Author: DEFENDEDGE

Original release date: March 14, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info a3rev — page_view_count The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated… Read more

Original release date: March 10, 2022 CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11,… Read more

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways. Read more

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. Read more

Original release date: March 9, 2022 CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the United States Secret Service (USSS) have re-released an advisory on Conti ransomware. Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000.  CISA,… Read more

The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. Read more

Original release date: March 8, 2022 SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for March 2022 and apply the necessary updates.  This product is provided subject… Read more

Original release date: March 8, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and Deployment Information and apply the necessary updates.  … Read more

While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. Read more

Original release date: March 8, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.… Read more