Category: alerts
Category Added in a WPeMatico Campaign
-
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
Original release date: April 28, 2022 CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.… Read more
-
Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations. Read more
-
Emotet is Back From ‘Spring Break’ With New Nasty Tricks
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default. Read more
-
2021 Top Routinely Exploited Vulnerabilities
Original release date: April 27, 2022 CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory that… Read more
-
AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
Original release date: April 27, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security… Read more
-
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found. Read more
-
Vulnerability Summary for the Week of April 18, 2022
Original release date: April 25, 2022 | Last revised: April 26, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info microsoft — windows_10 Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24492, CVE-2022-24528. 2022-04-15 10 CVE-2022-26809 N/A microsoft — windows_10 Remote Procedure… Read more
-
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk. Read more
-
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
Original release date: April 25, 2022 CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,… Read more
-
FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware
Original release date: April 22, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks involving BlackCat/ALPHV, a Ransomware-as-a-Service that has compromised at least 60 entities worldwide. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000167-MW and apply the recommend… Read more