Security News

Cybersecurity authorities from Australia, the U.K., and the U.S. have published a joint advisory warning of an increase in sophisticated, high-impact ransomware attacks targeting critical infrastructure organizations across the world in 2021. "Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors' growing technological sophistication and an increased ransomware threat to organizations globally," the agencies said in the joint bulletin.

The US Cybersecurity and Infrastructure Security Agency has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs. According to the binding operational directive issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

The US Cybersecurity and Infrastructure Security Agency has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit bug used to target iPhones, iPads, and Macs. According to the binding operational directive issued by CISA in November, federal agencies are now required to patch their systems against this actively exploited vulnerability impacting iOS, iPadOS, and macOS devices.

The U.S. Cybersecurity & Infrastructure Security Agency has added to the catalog of vulnerabilities another 15 security issues actively used in cyberattacks.CISA's warning about these vulnerabilities serves as a wake-up call to all system administrators that they need to prioritize installing security updates to protect the organization's network.

The US Cybersecurity and Infrastructure Security Agency has warned admins to patch a set of severe security flaws dubbed ICMAD and impacting SAP business apps using Internet Communication Manager. Yesterday, Onapsis Research Labs who found and reported CVE-2022-22536, one of the three ICMAD bugs and the one rated as a maximum severity issue, also cautioned SAP customers to patch them immediately.

CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. The move means that Federal Civilian Executive Branch agencies have until Feb. 18, 2022 to remediate the vulnerability, which affects all unpatched versions of Windows 10.

The U.S. Cybersecurity and Infrastructure Security Agency is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts. To that end, the agency has added CVE-2022-21882 to the Known Exploited Vulnerabilities Catalog, necessitating that Federal Civilian Executive Branch agencies patch all systems against this vulnerability by February 18, 2022.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday published an Industrial Controls Systems Advisory warning of multiple vulnerabilities in the Airspan Networks Mimosa equipment that could be abused to gain remote code execution, create a denial-of-service condition, and obtain sensitive information. "Successful exploitation of these vulnerabilities could allow an attacker to gain user data and other sensitive data, compromise Mimosa's AWS cloud EC2 instance and S3 Buckets, and execute unauthorized remote code on all cloud-connected Mimosa devices," CISA said in the alert.

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges. Per a binding operational directive issued in November and today's announcement, all Federal Civilian Executive Branch Agencies agencies are now required to patch all systems against this vulnerability, tracked as CVE-2022-21882 within two weeks, until February 18th. While BOD 22-01 only applies to FCEB agencies, CISA strongly urges all private and public sector organizations to reduce their exposure to ongoing cyberattacks by adopting this Directive and prioritizing mitigation of vulnerabilities included in its catalog of actively exploited security flaws.

The US Cybersecurity & Infrastructure Security Agency has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline.