CYNET – Page 70 – CYNET-CSIRT

AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Original release date: December 2, 2021SummaryThis joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced…

Comments Off

December 3, 2021

Current Activity

NSA and CISA Release Part III of Guidance on Securing 5G Cloud Infrastructures

Original release date: December 2, 2021CISA has announced the joint National Security Agency (NSA) and CISA publication of the third of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part…

Comments Off

December 3, 2021

Current Activity

Mozilla Releases Security Updates for Network Security Services

Original release date: December 2, 2021Mozilla has released security updates to address a vulnerability in Network Security Services (NSS). An attacker could exploit this vulnerability to take control of an…

Comments Off

December 3, 2021

Current Activity

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Original release date: December 1, 2021CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the…

Comments Off

December 1, 2021

Bulletins

Vulnerability Summary for the Week of November 22, 2021

Original release date: November 29, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info 4mosan -- gcb_doctor 4MOSAn GCB Doctor’s login page has improper…

Comments Off

November 29, 2021

Current Activity

CISA Releases Capacity Enhancement Guides to Enhance Mobile Device Cybersecurity for Consumers and Organizations

Original release date: November 24, 2021CISA has released actionable Capacity Enhancement Guides (CEGs) to help users and organizations improve mobile device cybersecurity. The CEG: Mobile Device Cybersecurity Checklist for Consumers…

Comments Off

November 24, 2021

Current Activity

Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends

Original release date: November 22, 2021As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners…

Comments Off

November 22, 2021

Bulletins

Vulnerability Summary for the Week of November 15, 2021

Original release date: November 22, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- after_effects Adobe After Effects version 18.4.1 (and earlier)…

Comments Off

November 22, 2021

Current Activity

Updated: APT Exploitation of ManageEngine ADSelfService Plus Vulnerability

Original release date: November 19, 2021The Federal Bureau of Investigation (FBI), CISA, and Coast Guard Cyber Command (CGCYBER) have updated the Joint Cybersecurity Advisory (CSA) published on September 16, 2021,…

Comments Off

November 20, 2021

Current Activity

NSA and CISA Release Guidance on Securing 5G Cloud Infrastructures

Original release date: November 19, 2021CISA has announced the joint National Security Agency (NSA) and CISA publication of the second of a four-part series, Security Guidance for 5G Cloud Infrastructures.…

Comments Off

November 19, 2021