Category: alerts

Category Added in a WPeMatico Campaign

  • Microsoft Releases April 2022 Security Updates

    Original release date: April 12, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s April 2022 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided… Read more

  • Microsoft Zero-Days, Wormable Bugs Spark Concern

    For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits. Read more

  • Vulnerability Summary for the Week of April 4, 2022

    Original release date: April 11, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info escanav — escan_anti-virus An local privilege escalation vulnerability due to a “runasroot” command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to “runasroot” command. This vulnerability can… Read more

  • Guidance on Sharing Cyber Incident Information

    Original release date: April 7, 2022 CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.   CISA uses this information from partners to build a common understanding of how adversaries are… Read more

  • SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

    Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds. Read more

  • CISA Adds Three Known Exploited Vulnerabilities to Catalog

    Original release date: April 6, 2022 CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,… Read more

  • Vulnerability Summary for the Week of March 28, 2022

    Original release date: April 4, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info genians — genian_nac An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM… Read more

  • Apple Releases Security Updates

    Original release date: April 1, 2022 Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild. CISA encourages users and administrators to review the security update page for… Read more

  • Spring Releases Security Updates Addressing “Spring4Shell” and Spring Cloud Function Vulnerabilities

    Original release date: April 1, 2022 Spring has released Spring Cloud Function versions 3.1.7 and 3.2.3 to address remote code execution (RCE) vulnerability CVE-2022-22963 as well as Spring Framework versions 5.3.18 and 5.2.20 to address RCE vulnerability CVE-2022-22965, known as “Spring4Shell.” A remote attacker could exploit these vulnerabilities to take control of an affected system.… Read more

  • CERT/CC Releases Information on Spring4Shell Vulnerability

    Original release date: April 1, 2022 The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2022-22965), known as “Spring4Shell,” affecting Spring Framework, a Java framework that creates applications, including web applications. A remote attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the… Read more