Microsoft Releases Workaround Guidance for MSDT "Follina" Vulnerability

05/31/2022 11:11 AM EDT

Original release date: May 31, 2022

Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability—CVE-2022-30190, known as “Follina”—affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. A remote, unauthenticated attacker could exploit this vulnerability to take control of an …

Vulnerability Summary for the Week of May 23, 2022

05/30/2022 01:15 PM EDT

Original release date: May 30, 2022

High Vulnerabilities

Primary Vendor — Product: badminton_center_management_system_project — badminton_center_management_system
Description: Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
Published: 2022-05-24
CVSS Score: 7.5
Source & Patch Info: CVE-2022-30455 (MISC)

battleye — battleye …

CISA and DoD Release 5G Security Evaluation Process Investigation Study

05/26/2022 09:00 AM EDT

Original release date: May 26, 2022

CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission …

Citrix Releases Security Updates for ADC and Gateway

05/26/2022 11:00 AM EDT

Original release date: May 26, 2022

Citrix has released security updates to address vulnerabilities in ADC and Gateway. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX457048 and apply the necessary …

Drupal Releases Security Updates

05/26/2022 11:30 AM EDT

Original release date: May 26, 2022

Drupal has released security updates to address a vulnerability that does not affect Drupal core but may affect some contributed projects or custom code on Drupal sites. Exploitation of this vulnerability could allow a remote attacker to take control of an …

CISA Adds 34 Known Exploited Vulnerabilities to Catalog

05/25/2022 11:00 AM EDT

Original release date: May 25, 2022

CISA has added 34 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal …

Google Releases Security Updates for Chrome

05/25/2022 11:30 AM EDT

Original release date: May 25, 2022

Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply …