Security News

CISA warns of actively exploited vulnerabilities in Zabbix servers
2022-02-25 07:31

A notification from the U.S. Cybersecurity and Infrastructure Security Agency warns that threat actors are exploiting vulnerabilities in Zabbix, an open-source tool for monitoring networks, servers, virtual machines, and cloud services. The agency is asking federal agencies to patch any Zabbix servers against security issues tracked as CVE-2022-23131 and CVE-2022-23134, to avoid "Significant risk" from malicious cyber actors.

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
2022-02-24 07:15

The U.S. Cybersecurity and Infrastructure Security Agency has warned of active exploitation of two security flaws impacting the Zabbix open-source enterprise monitoring platform, adding them to its Known Exploited Vulnerabilities Catalog. On top of that, CISA is also recommending that Federal Civilian Executive Branch agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks.

CISA compiles list of free cybersecurity tools and services
2022-02-19 16:15

The U.S. Cybersecurity and Infrastructure Security Agency has published a list of free cybersecurity services and tools to help organizations increase their security capabilities and better defend against cyberattacks. While the set is neither comprehensive nor impervious to change, it aims to mature an entity's cybersecurity risk management when combined with baseline security practices for a strong cybersecurity program.

CISA warns of hybrid operations threat to US critical infrastructure
2022-02-19 15:00

CISA urged leaders of U.S. critical infrastructure organizations on Friday to increase their orgs' resilience against a growing risk of being targeted by foreign influence operations using misinformation, disinformation, and malinformation tactics. "Multiple influence operations coordinated by foreign actors had an impact on US critical services and functions across critical sectors," according to the cybersecurity agency.

CISA publishes list of free security tools for business protection
2022-02-18 20:08

"CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience," said CISA director Jen Easterly in a statement. The Register asked CISA to clarify the selection criteria for inclusion on the list.

CISA tells federal agencies to patch actively exploited Chrome, Magento bugs
2022-02-15 22:59

The US Cybersecurity and Infrastructure Security Agency has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source. The Chrome vulnerability is a high-severity use-after-free bug that can let attackers execute arbitrary code or escape the browser's security sandbox on computers running unpatched Chrome versions addressed in Chrome 98.0.4758.102.

CISA, FBI, NSA Issue Advisory on Severe Increase in Ransomware Attacks
2022-02-13 19:06

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. "Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organizations globally," the agencies said in the joint bulletin.

CISA orders federal agencies to update iPhones, Macs until Feb 25th
2022-02-11 17:45

The US Cybersecurity and Infrastructure Security Agency has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs. According to the binding operational directive issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

CISA orders federal agencies to update iPhones until Feb 25th
2022-02-11 17:45

The US Cybersecurity and Infrastructure Security Agency has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit bug used to target iPhones, iPads, and Macs. According to the binding operational directive issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.