Category: alerts

Original release date: March 8, 2022 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with ransomware attacks by RagnarLocker, a group of a ransomware actors targeting critical infrastructure sectors. CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000163-MW and apply the recommended mitigations.… Read more

The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. Read more

A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. Read more

Original release date: March 7, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info jetbrains — teamcity In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. 2022-02-25 7.5 CVE-2022-24331 MISC MISC jetbrains — teamcity In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the configuration file… Read more

Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. Read more

Original release date: March 7, 2022 CISA has released a draft version of Applying Zero Trust Principles to Enterprise Mobility for public comment. The paper guides federal agencies as they evolve and operationalize cybersecurity programs and capabilities, including cybersecurity for mobility. The public comment period will close April 18, 2022. Executive Order 14028:  Improving the Nation’s… Read more

Original release date: March 7, 2022 CISA has added 11 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more

Original release date: March 7, 2022 CISA has added eleven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to… Read more

Original release date: March 7, 2022 Mozilla has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system.    CISA encourages users and administrators to review Mozilla security advisory MFSA 2022-09 and apply the necessary updates. This product is provided subject to this Notification and this… Read more

Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser. Read more