Month: June 2022

  • Citrix Releases Security Updates for Application Delivery Management

    Original release date: June 14, 2022. Citrix has released security updates to address vulnerabilities in Application Delivery Management. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Update CTX460016 and apply the necessary updates. This product is provided subject to this Notification and…

  • Microsoft Releases June 2022 Security Updates

    Original release date: June 14, 2022. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s June 2022 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided…

  • Vulnerability Summary for the Week of June 6, 2022

    Original release date: June 13, 2022. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). demokratian — demokratian: A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with…

  • CISA Adds 36 Known Exploited Vulnerabilities to Catalog

    Original release date: June 8, 2022. CISA has added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog,…

  • AA22-158A: People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

    Original release date: June 7, 2022. Summary. Best Practices: apply patches as soon as possible; disable unnecessary ports and protocols; replace end-of-life infrastructure; implement a centralized patch management system. This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known…

  • People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices

    Original release date: June 7, 2022. CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA) to provide information on ways in which People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of…

  • Owl Labs Releases Security Updates for Meeting Owl Pro and Whiteboard Owl

    Original release date: June 7, 2022. Owl Labs has released security updates to address a vulnerability (CVE-2022-31460) in Meeting Owl Pro and Whiteboard Owl. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Owl Labs security advisories for Meeting Owl Pro and Whiteboard Owl and update to Version 5.4.1.4.…

  • Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

    The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.

  • Follina Exploited by State-Sponsored Hackers

    A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

  • Vulnerability Summary for the Week of May 30, 2022

    Original release date: June 6, 2022. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). microsoft — windows_server_2012: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. Published: 2022-06-01. CVSS Score: 9.3. Source & Patch Info: CVE-2022-30190 N/A. Medium Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch…