July, 2022 | Cystel

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

19 July 2022/in Archives, News

Original release date: July 19, 2022

CISA has released an Industrial Controls Systems Advisory (ICSA) detailing six vulnerabilities that were discovered in MiCODUS MV720 Global Positioning System Tracker. Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control the global positioning system tracker. These vulnerabilities could impact access to a vehicle fuel supply, vehicle control, or allow locational surveillance of vehicles in which the device is installed.

CISA encourages users and technicians to review ICS Advisory ICSA-22-200-01: MiCODUS MV720 GPS Tracker for technical details and mitigations and the Bitsight Report: Critical Vulnerabilities in Widely Used Vehicle GPS Tracker for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

18 July 2022/in Archives, News

Original release date: July 18, 2022

CISA has updated the joint CISA-United States Coast Guard Cyber Command (CGCYBER) Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report (MAR)-10382580-2.

CISA and CGCYBER encourage users and administrators to update all affected VMware Horizon and Unified Access Gateway (UAG) systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell, treat all affected VMware systems as compromised. See the joint advisory for more information and additional recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

Juniper Networks Releases Security Updates for Multiple Products

14 July 2022/in Archives, News

Original release date: July 14, 2022

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Citrix Releases Security Updates for Hypervisor

12 July 2022/in Archives, News

Original release date: July 12, 2022

Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Citrix Security Updates CTX461397 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

SAP Releases July 2022 Security Updates

12 July 2022/in Archives, News

Original release date: July 12, 2022

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review SAP Security Patch Day – July 2022 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases July 2022 Security Updates

12 July 2022/in Archives, News

Original release date: July 12, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s July 2022 Security Update and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates for Multiple Products

12 July 2022/in Archives, News

Original release date: July 12, 2022

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

RoboHelp APSB22-10
Acrobat and Reader APSB22-32
Character and Animator APSB22-34
Photoshop APSB22-35

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Adds One Known Exploited Vulnerability to Catalog 

12 July 2022/in Archives, News

Original release date: July 12, 2022

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.   

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates for Multiple Products

7 July 2022/in Archives, News

Original release date: July 7, 2022

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities cisco-sa-expressway-overwrite-3buqW8LH
Cisco Smart Software Manager On-Prem Denial of Service Vulnerability cisco-sa-onprem-privesc-tP6uNZOS

This product is provided subject to this Notification and this Privacy & Use policy.

OpenSSL Releases Security Update

6 July 2022/in Archives, News

Original release date: July 6, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA released Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems

Juniper Networks Releases Security Updates for Multiple Products

Citrix Releases Security Updates for Hypervisor

SAP Releases July 2022 Security Updates

Microsoft Releases July 2022 Security Updates

Adobe Releases Security Updates for Multiple Products

CISA Adds One Known Exploited Vulnerability to Catalog

Cisco Releases Security Updates for Multiple Products

OpenSSL Releases Security Update

CONTACT INFORMATION

WHERE TO FIND US

CYBER SECURITY EMERGENCY SUPPORT