Guacamaya Hacks libera correos robados mediante vulnerabilidad en Exchange
Fueron 6 terabytes de información filtrada, que equivale a 36 millones de documentos PDF, 1.5 millones de fotos o 3 mil horas de video, según detalló el grupo de hackers “Guacamaya” en su cuenta de twitter. Sin precisar cuándo ocurrieron los ataques, López Obrador confirmó las versiones de prensa sobre el hackeo de los sistemas […]
Mozilla Releases Security Update for Thunderbird on 30/09/2022 at 4:06 pm
Original release date: September 30, 2022Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review the Mozilla security advisory for Thunderbird 102.3.1 and make the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products on 30/09/2022 at 4:17 pm
Original release date: September 30, 2022Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the advisories and apply the necessary updates.
This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Update on 30/09/2022 at 5:01 pm
Original release date: September 30, 2022Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories.
CISA encourages users and administrators to review Drupal’s security advisory SA-CORE-2022-016 and apply the necessary update.
This product is provided subject to this Notification and this Privacy & Use policy.
Hurricane-Related Scams on 30/09/2022 at 3:49 pm
Original release date: September 30, 2022CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.
To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures.
Staying Alert to Disaster-related Scams
Before Giving to a Charity
Staying Safe on Social Networking Sites
Avoiding Social Engineering and Phishing Attacks
Using Caution with Email Attachments
If you believe you have been a victim of cybercrime, file a complaint with Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server on 30/09/2022 at 4:25 pm
Original release date: September 30, 2022Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems.” The two vulnerabilities are CVE-2022-41040 and CVE-2022-41082, affecting on-premises Microsoft Exchange Server 2013, 2016, and 2019. Note: Microsoft Exchange Online is not affected.
An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Microsoft’s Security Advisory and apply the necessary mitigations until patches are made available.
This product is provided subject to this Notification and this Privacy & Use policy.