Vulnerability Summary for the Week of April 18, 2022

04/25/2022 06:37 AM EDT. Original release date: April 25, 2022 | Last revised: April 26, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): microsoft — windows_10: Remote Procedure Call Runtime Remote Code Execution Vulnerability. This CVE ID is unique …

Mitigating Attacks Against Uninterruptable Power Supply Devices

03/29/2022 10:45 AM EDT. Original release date: March 29, 2022. CISA and the Department of Energy (DOE) are aware of threat actors gaining access to a variety of internet-connected uninterruptable power supply (UPS) devices, often through unchanged default usernames and passwords. Organizations can mitigate attacks against their UPS …

Vulnerability Summary for the Week of January 17, 2022

01/24/2022 08:41 AM EST. Original release date: January 24, 2022. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): adobe — acrobat_dc: Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free …

NOBELIUM Attacks on Cloud Services and other Technologies

10/25/2021 02:44 PM EDT. Original release date: October 25, 2021. Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review [NOBELIUM targeting delegated administrative privileges to facilitate broader attacks] and apply the necessary mitigations. This product …

Vulnerability Summary for the Week of October 18, 2021

10/25/2021 07:07 AM EDT. Original release date: October 25, 2021. High Vulnerabilities (Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info): adobe — ops-cli: Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code …