Author: DEFENDEDGE

  • Mozilla Releases Security Updates for Multiple Products

    Original release date: March 7, 2022 Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates. This product is provided subject to this Notification and this… Read more

  • Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

    Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser. Read more

  • NSA Releases Network Infrastructure Security Guidance

    Original release date: March 3, 2022 The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access… Read more

  • CISA Adds 95 Known Exploited Vulnerabilities to Catalog

    Original release date: March 3, 2022 CISA has added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click… Read more

  • TeaBot Trojan Haunts Google Play Store, Again

    Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. Read more

  • Vulnerability Summary for the Week of February 21, 2022

    Original release date: February 28, 2022 | Last revised: March 1, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info airspan — mimosa_management_platform MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not… Read more

  • RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!

    The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Read more

  • Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign

    Original release date: February 28, 2022 Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)—uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks. The Symantec Threat Hunter team, part of Broadcom Software, worked with… Read more

  • CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine

    Original release date: February 26, 2022 CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware.  Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting… Read more

  • AA22-057A: Destructive Malware Targeting Organizations in Ukraine

    Original release date: February 26, 2022 Summary Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors… Read more