Author: DEFENDEDGE

  • Mozilla Releases Security Updates for Thunderbird 102.8

    Original release date: February 17, 2023. Mozilla has released security updates to address vulnerabilities in Thunderbird 102.8. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisory for Thunderbird 102.8 for more information and apply the necessary updates. This product is provided…

  • CISA Releases Fifteen Industrial Control Systems Advisories

    Original release date: February 16, 2023. CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge; ICSA-23-047-02…

  • Mozilla Releases Security Updates for Firefox 110 and Firefox ESR

    Original release date: February 14, 2023. Mozilla has released security updates to address vulnerabilities in Firefox 110 and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8 for more information and apply the necessary updates.…

  • Citrix Releases Security Updates for Workspace Apps, Virtual Apps and Desktops

    Original release date: February 14, 2023. Citrix has released security updates to address high-severity vulnerabilities (CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483) in Citrix Workspace Apps, Virtual Apps and Desktops. A local user could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix security bulletins CTX477618, CTX477617, and…

  • Vulnerability Summary for the Week of February 6, 2023

    Original release date: February 14, 2023. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). webfinance_project — webfinance: A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql…

  • AA23-040A: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

    Original release date: February 9, 2023. Summary. Note: This Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. These #StopRansomware advisories detail historically and recently observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help…

  • #StopRansomware – Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities

    Original release date: February 9, 2023. CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund DPRK Espionage Activities, to provide…

  • OpenSSL Releases Security Advisory

    Original release date: February 9, 2023. OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0.0, 2.2.2, and 1.0.2. An attacker could exploit some of these vulnerabilities to obtain sensitive information. CISA encourages users and administrators to review the OpenSSL advisory and make the necessary updates. This product is provided subject…

  • CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

    Original release date: February 8, 2023. Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes the ongoing ransomware campaign known as “ESXiArgs.” Malicious cyber actors may be exploiting known vulnerabilities in unpatched and out-of-service or out-of-date versions of VMware ESXi software…

  • AA23-039A: ESXiArgs Ransomware Virtual Machine Recovery Guidance

    Original release date: February 8, 2023. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) in response to the ongoing ransomware campaign, known as “ESXiArgs.” Malicious actors may be exploiting known vulnerabilities in VMware ESXi servers that are likely running unpatched and…