Mozilla Releases Security Updates for Thunderbird and Firefox

Original release date: December 13, 2022

Mozilla has released security updates to address vulnerabilities in Thunderbird, Firefox ESR, and Firefox. An attacker could exploit these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Mozilla’s security advisories for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108 for more information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases December 2022 Security Updates

Original release date: December 13, 2022

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s December 2022 Security Update Guide and Deployment Information and apply the necessary updates.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

Original release date: December 13, 2022

Today, the National Security Agency (NSA), CISA, and the Office of the Director of National Intelligence (ODNI) published Potential Threats to 5G Network Slicing. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents both the benefits and risks associated with 5G network slicing. It also provides mitigation strategies that address potential threats to 5G network slicing. The guidance builds upon ESF’s Potential Threat Vectors to 5G Infrastructure, published in 2021.

CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended mitigations. For additional 5G guidance, visit CISA.gov/5G-library.

CISA Updates Advisory on #StopRansomware: Cuba Ransomware

Original release date: December 13, 2022

The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs).

CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations.

Citrix Releases Security Updates for Citrix ADC, Citrix Gateway

Original release date: December 13, 2022

Citrix has released security updates to address a critical vulnerability (CVE-2022-27518) in Citrix ADC and Citrix Gateway. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild.

CISA encourages users and administrators to review Citrix security bulletin CTX457836 and Citrix’s blog post for more information and to apply the necessary updates. Additionally, CISA urges organizations to review NSA’s advisory APT5: Citrix ADC Threat Hunting Guidance for detection and mitigation guidance against tools employed by a malicious actor targeting vulnerable Citrix ADC systems.
