Cisco Releases Security Update for Multiple Products

08/11/2022 12:03 PM EDT

Original release date: August 11, 2022

Cisco has released a security update to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. This vulnerability could allow a remote attacker to obtain sensitive information. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisory and apply the necessary updates:
• Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability (cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz)

This product is provided subject to this Notification and this Privacy & Use policy.

Palo Alto Networks Releases Security Update for PAN-OS

08/05/2022 02:05 PM EDT

Original release date: August 5, 2022 | Last revised: August 10, 2022

Palo Alto Networks has released a security update to address a vulnerability in PAN-OS firewall configurations. A remote attacker could exploit this vulnerability to conduct a reflected denial-of-service.

CISA encourages users and administrators to review the Palo Alto Networks Security Advisory CVE-2022-0028 and apply the necessary updates or workarounds.

Oracle Releases July 2022 Critical Patch Update

07/20/2022 02:57 PM EDT

Original release date: July 20, 2022 | Last revised: July 21, 2022

Oracle has released its Critical Patch Update for July 2022 to address 349 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  

CISA encourages users and administrators to review the Oracle July 2022 Critical Patch Update and apply the necessary updates.

OpenSSL Releases Security Update

07/06/2022 11:00 AM EDT

Original release date: July 6, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system. 

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version. 


Google Releases Security Update for Chrome

07/05/2022 11:00 AM EDT

Original release date: July 5, 2022

Google has released Chrome version 103.0.5060.114 for Windows. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.


Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134

06/02/2022 07:00 PM EDT

Original release date: June 2, 2022

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.


CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine

04/28/2022 10:00 AM EDT

Original release date: April 28, 2022

CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine, originally released February 26, 2022. The advisory has been updated to include additional indicators of compromise for WhisperGate and technical details for HermeticWiper, IsaacWiper, HermeticWizard, and CaddyWiper destructive malware.

CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity. 


Oracle Releases April 2022 Critical Patch Update

04/19/2022 06:20 PM EDT

Original release date: April 19, 2022

Oracle has released its Critical Patch Update for April 2022 to address 520 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Oracle April 2022 Critical Patch Update and apply the necessary updates. 


CRI-O Security Update for Kubernetes

03/18/2022 07:08 AM EDT

Original release date: March 18, 2022

CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers.

CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or workarounds.


Mozilla Releases Security Update for Mozilla VPN

02/25/2022 06:59 AM EST

Original release date: February 25, 2022

Mozilla has released a security update to address a vulnerability in Mozilla VPN. An attacker could exploit this vulnerability to take control of an affected system.  

CISA encourages users and administrators to review Mozilla Foundation Security Advisory 2022-08 and make the necessary update.
