Category: alerts

Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Read more

Original release date: February 18, 2022 CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity… Read more

An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders. Read more

Original release date: February 17, 2022 The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet with guidance on securing network infrastructure devices and credentials. Cisco devices are used globally to secure network infrastructure devices, including across the Department of Defense, National Security Systems, and the Defense Industrial Base. Credentials within Cisco configuration… Read more

Original release date: February 17, 2022 Cisco has released security updates to address a vulnerability affecting Cisco Email Security Appliance. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and administrators to review Cisco Advisory cisco-sa-esa-dos-MxZvGtgU and… Read more

The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks. Read more

On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and it’s easy as pie to exploit. Read more

Original release date: February 16, 2022 Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through February 2022, the Federal Bureau of Investigation (FBI), National Security… Read more

Original release date: February 16, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) highlighting regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. These CDCs support contracts for the U.S. Department of Defense and Intelligence Community. The CSA… Read more

A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. Read more