by Scott Muniz | Jan 21, 2022 | Security, Technology
This article is contributed. See the original author and article here.
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number |
CVE Title |
Required Action Due Date |
| CVE-2006-1547 |
Apache Struts 1 ActionForm Denial of Service Vulnerability |
07/21/2022 |
| CVE-2012-0391 |
Apache Struts 2 Improper Input Validation Vulnerability |
07/21/2022 |
| CVE-2018-8453 |
Microsoft Windows Win32k Privilege Escalation Vulnerability |
07/21/2022 |
| CVE-2021-35247 |
SolarWinds Serv-U Improper Input Validation Vulnerability |
02/04/2022 |
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
by Scott Muniz | Jan 20, 2022 | Security, Technology
This article is contributed. See the original author and article here.
F5 has released its January 2022 Quarterly Security Notification addressing vulnerabilities affecting multiple versions of BIG-IP, BIG-IQ, and NGINX Controller API Management. A remote attacker could exploit these vulnerabilities to either deny service to, or take control of, an affected system.
CISA encourages users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.
by Contributed | Jan 20, 2022 | Technology
This article is contributed. See the original author and article here.
We have published a few Microsoft Defender for Office 365 resources over the past few months, and these are now included in the Ninja Training. If you want to refresh your knowledge and get updated, here is what has been added since the last release in September 2021.
Legend:
Module (ordered by Competency Level)
|
What’s new
|
Email Security – Fundamentals:
Module 3. Configuration (Part 1)
|
|
Email Security – Fundamentals:
Module 5. General Awareness
|
|
Email Security – Intermediate:
Module 11. Reports/Custom Reporting
|
|
Security Operations – Advanced:
Module 4. Migration
|
|
Security Operations – Advanced:
Module 6. Attack Simulation Training
|
|
Security Operations – Advanced:
Module 7. General Awareness
|
|
by Scott Muniz | Jan 20, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 9.2, and 9.3. An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following Drupal security advisories and apply the necessary updates.
by Scott Muniz | Jan 20, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Google has released Chrome version 97.0.4692.99 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
Recent Comments