Our news
-
AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
Original release date: February 9, 2022 Summary Immediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and monitor it. • Make an offline backup…
-
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said.
-
Microsoft Releases February 2022 Security Updates
Original release date: February 8, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2022 Security Update Summary and Deployment Information and apply the necessary updates. This…
-
Vulnerability Summary for the Week of January 31, 2022
Original release date: February 7, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info advantech — deviceon/iedge A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker…
-
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
-
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
-
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
-
FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware
Original release date: February 7, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation. CISA encourages users and administrators to review the IOCs…
-
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next.
-
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.