Security News

In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability. "CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds," the cybersecurity agency added.

The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.

The Cybersecurity and Infrastructure Security Agency has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. Threat actors are also abusing a critical Zyxel firmware vulnerability, patched on May 12th and under active exploitation starting the next day, on May 13th. Rapid7 found over 15,000 vulnerable Zyxel products exposed to Internet access, while the Shadowserver Foundation spotted at least 20,000 potentially impacted devices.

The U.S. Cybersecurity and Infrastructure Security Agency has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory authentication issues caused by the May 2022 updates that patch it. Unauthenticated attackers abuse CVE-2022-26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager security protocol and, likely, gain control over the entire Windows domain.

The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.

The U.S. Cybersecurity and Infrastructure Security Agency has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. After info F5 BIG-IP exploits used in attacks to brick devices surfaced, CISA added the flaw to the Known Exploited Vulnerabilities Catalog.

Multiple cybersecurity and law enforcement agencies from FVEY countries shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats. "The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors-including state-sponsored advanced persistent threat groups-to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships," the joint advisory reads.

The U.S. Cybersecurity and Infrastructure Security Agency has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch agencies.

The Cybersecurity and Infrastructure Security Agency has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler. Redmond patched several other Windows Print Spooler bugs in the last 12 months, including the critical PrintNightmare remote code execution vulnerability.

The U.S. Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Targeted organizations include cryptocurrency exchanges, decentralized finance protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, venture capital funds investing in cryptocurrency, and individual holders of large amounts of cryptocurrency or valuable non-fungible tokens.