Author: DEFENDEDGE
-
Apple Releases Security Update for Xcode
Original release date: November 3, 2022 Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 14.1 and apply the… Read more
-
CISA Upgrades to TLP 2.0
Original release date: November 1, 2022 Today, CISA officially upgraded to Traffic Light Protocol (TLP) 2.0, which facilitates greater information sharing and collaboration. CISA made this upgrade in accordance with the recommendation from the Forum of Incident Response and Security Teams to upgrade to TLP 2.0 by January 2023. Key TLP 2.0 updates: TLP 2.0… Read more
-
CISA Releases One Industrial Control Systems Advisory
Original release date: November 1, 2022 CISA released one Industrial Control Systems (ICS) advisory on November 1, 2022. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-22-221-01 Mitsubishi Electric Multiple Factory Automation… Read more
-
Vulnerability Summary for the Week of October 24, 2022
Original release date: October 31, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 10web — form_maker The Form Maker by 10Web WordPress plugin before 1.15.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by… Read more
-
CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication
Original release date: October 31, 2022 CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA). CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using mobile push-notification-based MFA is unable to implement… Read more
-
Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies
Original release date: October 28, 2022 CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to… Read more
-
CISA Adds Six Known Exploited Vulnerabilities to Catalog
Original release date: October 24, 2022 CISA has added six vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on… Read more
-
Vulnerability Summary for the Week of October 17, 2022
Original release date: October 24, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 74cms — 74cmsse An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-10-17 9.8 CVE-2022-42154 MISC acer — altos_w2000h-w570h_f4_firmware Acer… Read more
-
#StopRansomware: Daixin Team
Original release date: October 21, 2022 CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Daixin Team to provide information on the “Daixin Team,” a cybercrime group actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector,… Read more
-
AA22-294A: #StopRansomware: Daixin Team
Original release date: October 21, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Install updates for operating systems, software, and firmware as soon as they are released. • Require phishing-resistant MFA for as many services as possible. • Train users to recognize and report phishing attempts. Note: This joint Cybersecurity… Read more