Contact

DataEndure | Managed Cybersecurity. It's about time.

Under Attack?
Home > Security Advisories > Security Advisory Roll Up: Week Ending April 8, 2022

Security Advisory Roll Up: Week Ending April 8, 2022

Please see Security Advisories for the week ending April 8, 2022

  • Guidance on Sharing Cyber Incident Information
  • Mozilla Releases Security Updates for Firefox and Firefox ESR
  • Google Releases Security Updates for Chrome

________________________________

Guidance on Sharing Cyber Incident Information

Situation
CISA’s Sharing Cyber Event Information Fact Sheet provides federal or critical infrastructure partners with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.

Problem
When there is lack of information shared to CISA, CISA can’t use the information to render the appropriate assistance to provide warning and prevention for other organizations and entities from falling victim to similar attacks.

Implication 
This information fills critical information gaps and allows CISA to rapidly deploy resources to assist victims suffering attacks, analyze incoming reporting across sectors, and quickly share that information with network defenders to warn other potential victims.
Need

  • Observe the activity.
  • Act by taking local steps to mitigate the threat.
  • Report the event.

For further information regarding the Guidance on Sharing Cyber Incident Information please follow the given links:

Link to the main page:

https://www.cisa.gov/uscert/ncas/current-activity/2022/04/07/guidance-sharing-cyber-incident-information

Link to the PDF:
https://www.cisa.gov/sites/default/files/publications/Sharing_Cyber_Event_Information_Fact_Sheet_FINAL_v4.pdf

________________________________

Mozilla Releases Security Updates for Firefox and Firefox ESR

Situation

Mozilla has released new security updates.

Problem
Current versions of Firefox and Firefox ESR contain vulnerabilities.

Implication 
An attacker could exploit some of these vulnerabilities to take control of an affected system.

Need
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 99 and Firefox ESR 91.8 and apply the necessary updates.

Link to CISA advisory:

us-cert.cisa.gov/ncas/current-activity/2022/04/06/mozilla-releases-security-updates-firefox-and-firefox-esr

Link to Mozilla Firefox 99 Advisory:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/

Link to Mozilla Firefox ESR 91.8 Advisory:

https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/

________________________________

Google Releases Security Updates for Chrome

Situation
Google has released Chrome version 100.0.4896.75 for Windows, Mac, and Linux.

Problem
Google is aware that an exploit for CVE-2022-1232 exists in the wild.

Implication 
an attacker could exploit the vulnerability to take control of an affected system.

Need
Review the catalog by CISA and apply the necessary updates

Google Releases Security Updates for Chrome:

Google Releases Security Updates for Chrome

Chrome Release Notes:

https://chromereleases.googleblog.com/search/label/Stable%20updates

_____________________________

NEW BLOG:Seeing the Bigger Picture: Achieving Digital Resilience
+ +