VMware Releases Security Updates

Original release date: March 24, 2022

VMware has released security updates to address multiple vulnerabilities in VMware Carbon Black App Control software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0008 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates

Original release date: March 22, 2022

Drupal has released security updates to address a vulnerability affecting Drupal 9.2 and 9.3. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Security Advisory SA-CORE-006 and apply the necessary update.

FBI and FinCEN Release Advisory on AvosLocker Ransomware

Original release date: March 22, 2022

The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. 

CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations.

CRI-O Security Update for Kubernetes

Original release date: March 18, 2022

CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers.

CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or workarounds.

Strengthening Cybersecurity of SATCOM Network Providers and Customers

Original release date: March 17, 2022

CISA and the Federal Bureau of Investigation (FBI) are aware of possible threats to U.S. and international satellite communications (SATCOM) networks. Successful intrusions into SATCOM networks could create additional risk for SATCOM network customer environments.

In response, CISA and FBI have published a joint Cybersecurity Advisory (CSA), Strengthening Cybersecurity of SATCOM Network Providers and Customers, which provides mitigations and resources to strengthen SATCOM provider and customer cybersecurity.

CISA and FBI strongly encourage critical infrastructure organizations and, specifically, organizations that are SATCOM network providers or customers to review the joint CSA and implement the mitigations. CISA and FBI will update the joint CSA as new information becomes available.

ISC Releases Security Advisories for BIND

Original release date: March 17, 2022

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the following ISC advisories and apply the necessary updates or workarounds.

OpenSSL Releases Security Updates

Original release date: March 17, 2022

OpenSSL has released security updates addressing a vulnerability affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the appropriate version.

Drupal Releases Security Updates

Original release date: March 17, 2022

Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3. An attacker could exploit one of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2022-05 and apply the necessary updates.

WordPress Releases Security Update

Original release date: March 17, 2022

WordPress versions prior to 5.9.2 are affected by multiple vulnerabilities. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected website.

CISA encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.9.2.

Apple Releases Security Updates for Multiple Products

Original release date: March 16, 2022

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security page and apply the necessary updates.
