Author: DEFENDEDGE

Original release date: February 15, 2022 The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware. BlackByte is a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers. CISA encourages organizations to… Read more

Original release date: February 14, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info [gwa]_autoresponder_project — [gwa]_autoresponder Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. 2022-02-04 7.5 CVE-2021-44779 CONFIRM CONFIRM advantech — adam-3600_firmware… Read more

Original release date: February 14, 2022 Adobe has released security updates to address a vulnerability affecting Adobe Commerce and Magento Open Source. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to review Adobe Security Bulletin APSB22-12 and apply… Read more

The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems. Read more

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Read more

A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content. Read more

SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more. Read more

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Read more

Original release date: February 9, 2022 CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021.… Read more

Original release date: February 9, 2022 Summary Immediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and monitor it. • Make an offline backup… Read more