Security Advisories

Special Security Advisory: FBI and USSS Release Advisory on BlackByte Ransomware _______________________________ Situation The federal Bureau of Investigation and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators or compromise associated with Black Byte ransomware. Problem BlackByte is a Ransomware-as-a-service group that encrypts files on compromised Windows host systems, including the physical and virtual servers. Implication  Once they are in, threat actors can deploy tools… Read More

Please see Security Advisories for the week ending February 11, 2022 CISA Adds 15 Known Exploited Vulnerabilities to its Catalog Palo Alto Networks Security Advisories – February 2022 Citrix Releases Security Updates for Hypervisor Mozilla Releases Security Updates for Firefox and Firefox ESR Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM) Microsoft Releases February 2022 Security Updates FBI Releases Indicators of Compromise Associated with LockBit 2.0 Ransomware _______________________________ CISA Adds 15… Read More

Special Security Advisory: 2021 Trends Show Increased Globalized Threat of Ransomware _______________________________ Situation CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021. Problem Cybersecurity authorities in the United States, Australia, and the… Read More

Please see Security Advisories for the week ending February 4, 2022 Major vulnerability found in open-source dev tool for Kubernetes CISA Releases Security Advisory for Airspan Networks Mimosa Google Releases Security Updates for Chrome Cisco Releases Security Updates for RV Series Routers Samba Releases Security Updates _______________________________ Major vulnerability found in open-source dev tool for Kubernetes Situation Researchers today disclosed a zero-day vulnerability in Argo CD, an open source developer tool… Read More

Please see Security Advisories for the week ending January 28, 2022 McAfee Releases Security Update for McAfee Agent for Windows FBI Releases PIN on Iranian Cyber Group Emennet Pasargad CISA Publishes Infographic on Network Security Through Segmentation _______________________________ McAfee Releases Security Update for McAfee Agent for Windows Situation McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. Problem Vulnerabilities were found in McAfee Agent that… Read More

CRITICAL Security Advisory: Apple released security updates for all of its hardware products, including Apple TV, Apple Watch, and Mac Situation The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new security notice that Apple has released security updates for multiple products, including MacOS, iOS, iPad OS, tvOS, and WatchOS Problem Threat Actors are exploiting unpatched systems to: Execute arbitrary code Gain root-level privileges Access restricted files on the vulnerable… Read More

Please see Security Advisories for the week ending January 21, 2022 Mitigating Log4Shell and Other Log4j-Related Vulnerabilities Cisco Releases Security Updates for Multiple Products F5 Releases January 2022 Quarterly Security Notification Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats Microsoft Warns of Destructive Malware Targeting Ukrainian Organizations Oracle Releases January 2022 Critical Patch Update _______________________________… Read More

Citrix Releases Security Updates for Hypervisor Apple Releases Security Updates for iOS and iPadOS CNMF Identifies and Discloses Malware used by Iranian APT MuddyWater Cisco Releases Security Updates for Multiple Products New Palo Alto Networks Security Advisories Microsoft Releases January 2022 Security Updates Adobe Releases Security Updates for Multiple Products Citrix Releases Security Update for Workspace App for Linux Samba Releases Security Update CISA, FBI, and NSA Release Cybersecurity Advisory… Read More

Please see Security Advisories for the week ending January 7, 2022 Google Releases Security Updates for Chrome VMware Releases Security Updates for multiple products Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird CISA Adds 15 Known Exploited Vulnerabilities to Catalog WordPress Releases Security Update _______________________________ Google Releases Security Updates for Chrome Situation Google has released Chrome version 97.0.4692.71 for Windows, Mac, and Linux Problem This update addresses a number of… Read More

Please see Security Advisories for the week ending December 31, 2021 LastPass users are skeptical after company insists it wasn’t hacked _______________________________ LastPass users are skeptical after company insists it wasn’t hacked Situation Online forums are abuzz with reports that LastPass sent emails to users describing unauthorized login attempts with their master passwords, after one user posted about the issue on Hacker News. Problem This is considered particularly concerning because the password was… Read More