Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Original release date: December 22, 2021. CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom have released a joint Cybersecurity Advisory in response to multiple vulnerabilities in Apache’s Log4j software library. Malicious cyber actors are actively scanning networks to potentially …

Vulnerability Summary for the Week of December 13, 2021

Original release date: December 21, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). abb — omnicore_c30_firmware: A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services …

VMware Releases Security Advisory

Original release date: December 17, 2021. VMware has released a security advisory to address a vulnerability in Workspace ONE UEM console. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0029 and apply the necessary mitigation.

CISA Issues ED 22-02 Directing Federal Agencies to Mitigate Apache Log4j Vulnerabilities

Original release date: December 17, 2021. CISA has issued Emergency Directive (ED) 22-02: Mitigate Apache Log4j Vulnerability, directing federal civilian executive branch (FCEB) agencies to address Log4j vulnerabilities—most notably, CVE-2021-44228. Although ED 22-02 applies to FCEB agencies, CISA strongly recommends that all organizations …

NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures

12/16/2021 03:11 PM EST. Original release date: December 16, 2021. CISA has announced the joint National Security Agency (NSA) and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses …

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Original release date: December 15, 2021. CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to …

Immediate Steps to Strengthen Critical Infrastructure against Potential Cyberattacks

12/15/2021 08:10 AM EST. Original release date: December 15, 2021. In light of persistent and ongoing cyber threats, CISA urges critical infrastructure owners and operators to take immediate steps to strengthen their computer network defenses against potential cyberattacks. CISA has released CISA Insights: Preparing For and …

Adobe Releases Security Updates for Multiple Products

12/14/2021 06:53 PM EST. Original release date: December 14, 2021. Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the …

SAP Releases December 2021 Security Updates

12/14/2021 02:48 PM EST. Original release date: December 14, 2021. SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for December …

Microsoft Releases December 2021 Security Updates

12/14/2021 01:17 PM EST. Original release date: December 14, 2021. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s December 2021 Security Update …