Category: alerts
Category Added in a WPeMatico Campaign
-
Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops
Original release date: February 14, 2023 Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix security bulletins CTX477618, CTX477617, and… Read more
-
Vulnerability Summary for the Week of February 6, 2023
Original release date: February 14, 2023 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info webfinance_project — webfinance A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql… Read more
-
AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
Original release date: February 9, 2023 Summary Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help… Read more
-
#StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities
Original release date: February 9, 2023 CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide… Read more
-
OpenSSL Releases Security Advisory
Original release date: February 9, 2023 OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the OpenSSL advisory and make the necessary updates. This product is provided subject… Read more
-
CISA and FBI Release ESXiArgs Ransomware Recovery Guidance
Original release date: February 8, 2023 Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software… Read more
-
AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance
Original release date: February 8, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and… Read more
-
CISA Releases ESXiArgs Ransomware Recovery Script
Original release date: February 7, 2023 CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines (VMs) unusable. CISA recommends organizations impacted by ESXiArgs evaluate the script and guidance provided in the accompanying README file to… Read more
-
Vulnerability Summary for the Week of January 30, 2023
Original release date: February 7, 2023 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info qnap — qts A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in… Read more
-
Cisco Releases Security Advisories for Multiple Products
Original release date: February 2, 2023 Cisco released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and… Read more