Please see Security Advisories for the week ending April 29, 2022
- Google Releases Security Updates for Chrome Browser
- Cisco Releases Security Updates for Multiple Products
- CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
________________________________
Google Releases Security Updates for Chrome Browser
Situation
Google has released a new Chrome browser version 101.0.4951.41 for Windows, Mac, and Linux operating systems.
Problem
Google has patched 30 security vulnerabilities ranging from Low to High severity. These vulnerabilities include use-after-free, buffer overflow, out-of-bounds memory access, and insufficient data validation.
Implication
An attacker who is able to successfully exploit some of these vulnerabilities could take control of the affected device.
Need
Google recommends users update their Chrome browser to version 101.0.4951.41 or newer.
Additional information can be found in the link below.
Google Release Notes:
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
________________________________
Cisco Releases Security Updates for Multiple Products
Situation
Cisco has released security updates to address vulnerabilities in multiple Cisco products.
Problem
The security updates address the following vulnerabilities:
- Cisco Firepower Management Center File Upload Security Bypass Vulnerability
- Cisco Firepower Management Center Software Cross-Site Scripting Vulnerability
- Cisco Firepower Threat Defense Software TCP Proxy Denial of Service Vulnerability
- Cisco Firepower Threat Defense Software Snort Out of Memory Denial of Service Vulnerability
- Cisco Firepower Threat Defense Software Denial of Service Vulnerability
The Cisco vulnerabilities listed above range in impact from medium to high.
Implication
An attacker could exploit some of these vulnerabilities to take control of or damage an affected system.
Need
CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.
Important Links:
https://tools.cisco.com/security/center/publicationListing.x
________________________________
CISA and FBI Update Advisory on Destructive Malware Targeting Organizations in Ukraine
Situation
CISA and the Federal Bureau of Investigation (FBI) have updated joint Cybersecurity Advisory AA22-057A: Destructive Malware Targeting Organizations in Ukraine.
Problem
Threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.
Implication
Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may unintentionally spill over to organizations in other countries.
Need
CISA and the FBI encourage organizations to review the update to AA22-057A as well as the Shields Up Technical Guidance webpage for ways to identify, respond to, and mitigate disruptive cyber activity.
Link to CISA Notice:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/28/cisa-and-fbi-update-advisory-destructive-malware-targeting
For a more technical overview:
https://www.cisa.gov/uscert/ncas/current-activity/2022/04/28/cisa-and-fbi-update-advisory-destructive-malware-targeting
Shields Up Technical Guidance:
https://www.cisa.gov/uscert/shields-technical-guidance