Google Releases Security Updates for Chrome

07/21/2022 12:52 PM EDT

Original release date: July 21, 2022

Google has released Chrome version 103.0.5060.134  for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.  

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

07/18/2022 12:07 PM EDT

Original release date: July 18, 2022

CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report (MAR)-10382580-2.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See the joint advisory for more information and additional recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome

07/05/2022 11:00 AM EDT

Original release date: July 5, 2022

Google has released Chrome version 103.0.5060.114 for Windows. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

06/22/2022 11:00 AM EDT

Original release date: June 22, 2022

Google has released Chrome version 103.0.5060.53 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

06/10/2022 11:00 AM EDT

Original release date: June 10, 2022

Google has released Chrome version 102.0.5005.115 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Karakurt Data Extortion Group

06/01/2022 10:00 AM EDT

Original release date: June 1, 2022

CISA, the Federal Bureau of Investigation (FBI), the Department of Treasury, and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA) to provide information on the Karakurt data extortion group. Karakurt actors steal data and threaten to auction it off or release it to the public unless they receive payment of the demanded ransom.

CISA, the FBI, Treasury, and FinCEN encourage organizations to review Karakurt Data Extortion Group to learn about Karakurt’s tactics, techniques, and procedures and to apply the recommended mitigations. 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA and DoD Release 5G Security Evaluation Process Investigation Study

05/26/2022 09:00 AM EDT

Original release date: May 26, 2022

CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum. 

The study provides an overview of the proposed 5G Security Evaluation Process and applies the process to a private 5G network use case to demonstrate considerations for each step within the overarching process. The study is a joint effort among CISA, the Department of Homeland Security’s Science and Technology Directorate, and DoD’s Under Secretary of Defense for Research and Engineering.

The proposed process detailed in the study can support government agency activities during the Risk Management Framework system-level “Prepare” step for 5G-enabled systems; and federal program and project managers should use the study’s repeatable methodology in their required evaluations. CISA encourages federal program and project managers involved in 5G implementation to review the blog post by CISA Executive Assistant Director Eric Goldstein, CISA, DHS S&T, DOD Introduce Results of an Assessment into the 5G Security Evaluation Process, which links to the study.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

05/25/2022 11:30 AM EDT

Original release date: May 25, 2022

Google has released Chrome version 102.0.5005.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

05/11/2022 12:00 PM EDT

Original release date: May 11, 2022

Google has released Chrome version 101.0.4951.64 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

F5 Releases Security Advisories Addressing Multiple Vulnerabilities

05/04/2022 01:02 PM EDT

Original release date: May 4, 2022

F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system.

CISA encourages users and administrators to review the F5 webpage, Overview of F5 vulnerabilities (May 2022), and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.