This article is contributed. See the original author and article here.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 97 and Firefox ESR 91.6 and apply the necessary updates.
This article is contributed. See the original author and article here.
The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks, using LockBit 2.0, a Ransomware-as-a-Service that employs a wide variety of tactics, techniques, and procedures, creating significant challenges for defense and mitigation.
CISA encourages users and administrators to review the IOCs and technical details in FBI Flash CU-000162-MW and apply the recommend mitigations.
This article was originally posted by the FTC. See the original article here.
When identity theft happens, it’s hard to know where to begin. That’s why the FTC created IdentityTheft.gov, a one-stop resource for people to report identity theft to law enforcement and to get step-by-step instructions on how to recover from any type of identity theft.
The first step in avoiding identity theft, or stopping the damage, is placing a fraud alert on your credit report. This makes it harder for a thief to open new credit in your name, and lets you get free copies of your credit report from each of the three credit bureaus. Next, read through your reports and note any accounts or transactions that don’t belong. Then, go to IdentityTheft.gov.
When you report at IdentityTheft.gov, you’ll answer questions and give details about what happened. Include information about any problems you spotted on your credit reports. IdentityTheft.gov will use that information to create your personalized:
Your Identity Theft Report, recovery plan, and sample letters from IdentityTheft.gov will help you repair problems caused by identity theft. Your recovery plan may tell you to:
Learn more about protecting your identity and recovering from identity theft at ftc.gov/idtheft.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article was originally posted by the FTC. See the original article here.
Lots of people recently got an email or letter about free credit monitoring through the Equifax settlement. That’s because the settlement with Equifax was just approved by a court. So now, if you signed up for credit monitoring as part of that settlement, you can take a few steps to switch it on. The email or letter tells you how. Learn more at the FTC’s official site for information: ftc.gov/Equifax.
Remember that you don’t have to pay for credit monitoring as part of this settlement, and nobody will call, text, or email out of the blue to ask you for your credit card or bank account numbers, or to “help” you get your free credit monitoring. Anyone who does is a scammer, so please tell the FTC at ReportFraud.ftc.gov.
Learn more about the settlement and free credit monitoring at ftc.gov/Equifax.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number | CVE Title | Required Action Due Date |
| CVE-2022-21882 | Microsoft Win32k Privilege Escalation Vulnerability | 02/18/2022 |
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
Recent Comments