Author: DEFENDEDGE

  • Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House

    “Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared. Read more

  • FBI and FinCEN Release Advisory on AvosLocker Ransomware

    Original release date: March 22, 2022 The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States… Read more

  • Vulnerability Summary for the Week of March 14, 2022

    Original release date: March 21, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 10web — photo_gallery The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to… Read more

  • Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet

    The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. Read more

  • CRI-O Security Update for Kubernetes

    Original release date: March 18, 2022 CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers. CISA encourages users and administrators to review the CRI-O Security… Read more

  • AA22-076A: Strengthening Cybersecurity of SATCOM Network Providers and Customers

    Original release date: March 17, 2022 Summary Actions to Take Today: • Use secure methods for authentication. • Enforce principle of least privilege. • Review trust relationships. • Implement encryption. • Ensure robust patching and system configuration audits. • Monitor logs for suspicious activity. • Ensure incident response, resilience, and continuity of operations plans are… Read more

  • Dev Sabotages Popular NPM Package to Protest Russian Invasion

    In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. Read more

  • Misconfigured Firebase Databases Exposing Data in Mobile Apps

    Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say. Read more

  • Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast

    It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck. Read more

  • CISA Adds 15 Known Exploited Vulnerability to Catalog

    Original release date: March 15, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the… Read more