Month: June 2022

Original release date: June 30, 2022 Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for… Read more

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. Read more

Original release date: June 30, 2022 CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note:… Read more

LIVE EVENT, MONDAY JULY 11: Join Threatpost and Intel Security’s Tom Garrison in a live conversation about innovation enabling stakeholders to stay ahead of a dynamic threat landscape and what Intel learned from their latest study in partnership with Ponemon Institue. Read more

Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks. Read more

Original release date: June 28, 2022  CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement… Read more

Original release date: June 28, 2022 The Homeland Security Systems Engineering and Development Institute, sponsored by CISA and operated by MITRE, has released the 2022 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The list uses data from the National Vulnerability Database to compile the most frequent and critical errors that can lead… Read more

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers. Read more

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments. Read more

Original release date: June 27, 2022   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no high vulnerabilities recorded this week. Back to top   Medium Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info There were no medium vulnerabilities recorded this week.… Read more