Security News

Two of the US government's leading security agencies are building a machine learning-based analytics environment to defend against rapidly evolving threats and create more resilient infrastructures for both government entities and private organizations. The Department of Homeland Security - in particular its Science and Technology Directorate research arm - and Cybersecurity and Infrastructure Security Agency picture a multicloud collaborative sandbox that will become a training ground for government boffins to test analytic methods and technologies that rely heavily on artificial intelligence and machine learning techniques.

The U.S. Cybersecurity and Infrastructure Security Agency has added two years-old security flaws impacting TIBCO Software's JasperReports product to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. TIBCO JasperReports is a Java-based reporting and data analytics platform for creating, distributing, and managing reports and dashboards.

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation in the wild. "The Veeam Distribution Service allows unauthenticated users to access internal API functions," Veeam noted in an advisory published in March 2022.

The flaw was patched as an actively exploited zero-day bug in the Google Chrome web browser on Friday for Windows, Mac, and Linux users. In a security advisory published right before the weekend, Google said it "Is aware of reports that an exploit for CVE-2022-4262 exists in the wild."

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.

The U.S. Cybersecurity and Infrastructure Security Agency this week released an Industrial Control Systems advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server module or to view and execute programs," the agency said.

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. CISA will share data from cyber incident reports, including defensive measures and anonymized cyber threat indicators, with other organizations.

The new Cyber Incident Reporting for Critical Infrastructure Act of 2022 requires CISA to create rules regarding cyber incident reporting by critical infrastructure organizations. CISA will share data from cyber incident reports, including defensive measures and anonymized cyber threat indicators, with other organizations.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.