Author: DEFENDEDGE

  • Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

    Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices. Read more

  • Vulnerability Summary for the Week of June 13, 2022

    Original release date: June 20, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info citrix — application_delivery_management Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh… Read more

  • China-linked APT Flew Under Radar for Decade

    Evidence suggests that a just-discovered APT has been active since 2013. Read more

  • CISA Requests Public Comment on CISA’s TIC 3.0 Cloud Use Case

    Original release date: June 16, 2022 CISA has released Trusted Internet Connections (TIC) 3.0 Cloud Use Case for public comment. TIC is a federal cybersecurity initiative intended to secure federal data, networks, and boundaries while providing visibility into agency traffic, including cloud communications. TIC use cases provide guidance on the secure implementation and configuration of… Read more

  • SAP Releases June 2022 Security Updates

    Original release date: June 14, 2022 SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review SAP Security Patch Day – June 2022 and apply the necessary updates. This product is provided subject… Read more

  • Citrix Releases Security Updates for Application Delivery Management

    Original release date: June 14, 2022 Citrix has released security updates to address vulnerabilities in Application Delivery Management. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX460016 and apply the necessary updates. This product is provided subject to this Notification and… Read more

  • Microsoft Releases June 2022 Security Updates

    Original release date: June 14, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided… Read more

  • Vulnerability Summary for the Week of June 6, 2022

    Original release date: June 13, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info demokratian — demokratian A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with… Read more

  • CISA Adds 36 Known Exploited Vulnerabilities to Catalog 

    Original release date: June 8, 2022 CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,… Read more

  • AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

    Original release date: June 7, 2022 Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known… Read more