Category: alerts
Category Added in a WPeMatico Campaign
-
CISA Releases Forty-One Industrial Control Systems Advisories
Original release date: December 15, 2022 CISA has released forty-one (41) Industrial Control Systems (ICS) advisories on 15 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-349-01 Prosys OPC UA… Read more
-
CISA Consolidates Twitter Accounts
Original release date: December 15, 2022 CISA has consolidated its social media presence on Twitter. Three accounts — @ICSCERT, @Cyber, and @CISAInfraSec — are no longer active. Additionally, the @USCERT_gov Twitter account is now renamed @CISACyber. The following current active Twitter accounts will include posts on content previously covered on the now-inactive accounts. @CISACyber will… Read more
-
Drupal Releases Security Updates to Address Vulnerabilities in H5P and File (Field) Paths
Original release date: December 15, 2022 Drupal has released security updates to address vulnerabilities affecting H5P and the File (Field) Paths modules for Drupal 7.x. An attacker could exploit these vulnerabilities to access sensitive information and remotely execute code. CISA encourages users and administrators to review Drupal’s security advisories SA-CONTRIB-2022-064 and SA-CONTRIB-2022-065 and apply the necessary update.… Read more
-
Microsoft Releases December 2022 Security Updates
Original release date: December 13, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates. This product is provided… Read more
-
CISA Updates Advisory on #StopRansomware: Cuba Ransomware
Original release date: December 13, 2022 The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended… Read more
-
Citrix Releases Security Updates for Citrix ADC, Citrix Gateway
Original release date: December 13, 2022 Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Citrix security bulletin CTX457836 and… Read more
-
Vulnerability Summary for the Week of December 5, 2022
Original release date: December 12, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info activerecord_project — activerecord A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in… Read more
-
Fortinet Releases Security Updates for FortiOS
Original release date: December 12, 2022 Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2022-42475) in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators to review Fortinet security advisory FG-IR-22-368, apply the… Read more
-
Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
Original release date: December 9, 2022 Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco IP Phone 7800 and 8800… Read more
-
CISA Releases Phishing Infographic
Original release date: December 8, 2022 Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds… Read more