Category: alerts
Category Added in a WPeMatico Campaign
-
Drupal Releases Security Update to Address a Vulnerability in Apigee Edge
Original release date: February 2, 2023 Drupal released a security update to address a vulnerability affecting the Apigee Edge module for Drupal 9.x. An attacker could exploit this vulnerability to bypass access authorization or disclose sensitive information. CISA encourages users and administrators to review Drupal’s security advisory SA-CONTRIB- 2023-005 and apply the necessary update. This product… Read more
-
VMware Releases Security Update for VMware vRealize Operations
Original release date: February 1, 2023 VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0002 and apply the necessary updates. This product… Read more
-
Vulnerability Summary for the Week of January 23, 2023
Original release date: January 30, 2023 | Last revised: January 31, 2023 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat_reader Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in… Read more
-
JCDC Announces 2023 Planning Agenda
Original release date: January 26, 2023 Today, the Joint Cyber Defense Collaborative (JCDC) announced its 2023 Planning Agenda. This release marks a major milestone in the continued evolution and maturation of the collaborative’s planning efforts. JCDC’s Planning Agenda brings together government and private sector partners to develop and execute cyber defense plans that achieve specific… Read more
-
CISA, NSA, and MS-ISAC Release Advisory on the Malicious Use of RMM Software
Original release date: January 25, 2023 Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released joint Cybersecurity Advisory (CSA) Protecting Against Malicious Use of Remote Monitoring and Management Software. The advisory describes a phishing scam in which cyber threat actors maliciously… Read more
-
AA23-025A: Protecting Against Malicious Use of Remote Monitoring and Management Software
Original release date: January 25, 2023 Summary The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders about malicious use of legitimate remote monitoring and management (RMM) software.… Read more
-
VMware Releases Security Updates for VMware vRealize Log Insight
Original release date: January 25, 2023 VMware released security updates to address multiple vulnerabilities in VMware vRealize Log Insight. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0001 and apply the necessary updates. This product is provided subject to this… Read more
-
Vulnerability Summary for the Week of January 16, 2023
Original release date: January 23, 2023 | Last revised: January 24, 2023 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat_reader Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in… Read more
-
CISA Releases Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats
Original release date: January 24, 2023 Today, CISA released Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps… Read more
-
Drupal Releases Security Advisories to Address Multiple Vulnerabilities
Original release date: January 20, 2023 Drupal has released security advisories to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to access sensitive information. CISA encourages users and administrators to review Drupal’s security advisories SA-CORE-2023-001, SA-CONTRIB-2023-002, SA-CONTRIB-2023-003, and SA-CONTRIB-2023-004 and apply the necessary updates. This product is provided subject to this Notification… Read more