Category: alerts

Original release date: June 8, 2022 CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,… Read more

Original release date: June 7, 2022 Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known… Read more

Original release date: June 7, 2022 CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) to provide information on ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of… Read more

Original release date: June 7, 2022 Owl Labs has released security updates to address a vulnerability (CVE-2022-31460) in Meeting Owl Pro and Whiteboard Owl. An attacker could exploit this vulnerability to obtain sensitive information.  CISA encourages users and administrators to review the Owl Labs security advisories for Meeting Owl Pro and Whiteboard Owl and update to Version 5.4.1.4. … Read more

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario. Read more

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets. Read more

Original release date: June 6, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info microsoft — windows_server_2012 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 2022-06-01 9.3 CVE-2022-30190 N/A Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch… Read more

Original release date: June 3, 2022 Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of tmhis vulnerability.. CISA strongly urges organizations to review Confluence Security… Read more

Original release date: June 3, 2022 CISA has released an Industrial Controls Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices,… Read more

Original release date: June 2, 2022 Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability. There are currently no updates available.… Read more