Author: DEFENDEDGE

  • Microsoft Releases March 2022 Security Updates

    Original release date: March 8, 2022 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s March 2022 Security Update Summary and Deployment Information and apply the necessary updates.  … Read more

  • The Uncertain Future of IT Automation

    While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. Read more

  • FBI Releases Indicators of Compromise for RagnarLocker Ransomware

    Original release date: March 8, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.… Read more

  • Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure

    The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. Read more

  • Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

    A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. Read more

  • Vulnerability Summary for the Week of February 28, 2022

    Original release date: March 7, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331 MISC MISC jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file… Read more

  • Novel Attack Turns Amazon Devices Against Themselves

    Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. Read more

  • CISA’s Zero Trust Guidance for Enterprise Mobility Available for Public Comment

    Original release date: March 7, 2022 CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028:  Improving the Nation’s… Read more

  • CISA Adds 11 Known Exploited Vulnerabilities to Catalog 

    Original release date: March 7, 2022 CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more

  • CISA Adds Eleven Known Exploited Vulnerabilities to Catalog 

    Original release date: March 7, 2022 CISA has added eleven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more