Category: alerts
Category Added in a WPeMatico Campaign
-
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Read more
-
Apple Patches Actively Exploited WebKit Zero Day
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content. Read more
-
SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more. Read more
-
PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Read more
-
AA22-040A: 2021 Trends Show Increased Globalized Threat of Ransomware
Original release date: February 9, 2022 Summary Immediate Actions You Can Take Now to Protect Against Ransomware: • Update your operating system and software. • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments. • If you use Remote Desktop Protocol (RDP), secure and monitor it. • Make an offline backup… Read more
-
2021 Trends Show Increased Globalized Threat of Ransomware
Original release date: February 9, 2022 CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021.… Read more
-
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said. Read more
-
Microsoft Releases February 2022 Security Updates
Original release date: February 8, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2022 Security Update Summary and Deployment Information and apply the necessary updates. This… Read more
-
Vulnerability Summary for the Week of January 31, 2022
Original release date: February 7, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info advantech — deviceon/iedge A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker… Read more
-
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit. Read more