Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Original release date: June 29, 2022 Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox 102, Firefox ESR 91.11, and Thunderbird […]
AA22-108A: TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Original release date: April 18, 2022 | Last revised: April 20, 2022 Summary Actions to take today to mitigate cyber threats to cryptocurrency: • Patch all systems. • Prioritize patching known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Use multifactor authentication. The Federal Bureau of Investigation (FBI), the Cybersecurity and […]
AA22-110A: Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
Original release date: April 20, 2022 | Last revised: May 9, 2022 Summary Actions critical infrastructure organizations should implement to immediately protect against Russian state-sponsored and criminal cyber threats: • Patch all systems. Prioritize patching known exploited vulnerabilities. • Enforce multifactor authentication. • Secure and monitor Remote Desktop Protocol and other risky services. • Provide […]
AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access
Original release date: May 17, 2022 Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security configurations (either misconfigured […]
AA22-117A: 2021 Top Routinely Exploited Vulnerabilities
Original release date: April 27, 2022 | Last revised: April 28, 2022 Summary This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre […]
AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers
Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security […]
