Please see Security Advisories for the week ending May 13, 2022
- CISA Releases Joint Cybersecurity Advisory on Protecting MSPs and their Customers
- Google Releases Security Updates for Chrome
- Adobe Releases Security Updates for Multiple Products
- Palo Alto Networks Security Advisories – May 2022
- Microsoft Releases May 2022 Security Updates
- U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
_______________________________
CISA Releases Joint Cybersecurity Advisory on Protecting MSPs and their Customers
Situation
CISA has released a joint Cybersecurity Advisory (CSA), Protecting Against Cyber Threats to Managed Service Providers and their Customers, to provide guidance on how to protect against malicious cyber activity targeting managed service providers (MSPs) and their customers.
Problem
This joint Cybersecurity Advisory (CSA) provides actions that MSPs and their customers can take to reduce their risk of falling victim to a cyber attack. The advisory describes some cybersecurity best practices for information and communications technology (ICT) services and functions, focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data. This includes:
- Identify and disable accounts that are no longer in use.
- Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication.
- Ensure MSP-customer contracts transparently identify ownership of information and communications technology (ICT) security roles and responsibilities.
Implication
Not having the security measures outlined in this advisory in place could leave an organization vulnerable to a cyber intrusion.
Need
CISA urges organizations to review the joint CSA and take actions to strengthen their defenses against malicious cyber activity.
Additional Resources:
https://www.cisa.gov/uscert/ncas/alerts/aa22-131a
________________________________
Google Releases Security Updates for Chrome
Situation
Google has released Chrome version 101.0.4951.64 for Windows, Mac, and Linux.
Problem
This version includes 13 new security fixes.
Implication
An attacker could exploit the vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update.
Additional Resources
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/11/google-releases-security-updates-chrome
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
________________________________
Adobe Releases Security Updates for Multiple Products
Situation
Adobe has released security updates for multiple products.
Problem
Current versions of Adobe’s products contain vulnerabilities.
Implication
An attacker could exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
- Character Animator APSB22-21
- ColdFusion APSB22-22
- InDesign APSB22-23
- Framemaker APSB22-27
- InCopy APSB22-28
Additional Resources:
CISA Bulletin:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/12/adobe-releases-security-updates-multiple-products
________________________________
Palo Alto Networks Security Advisories – May 2022
Situation
Palo Alto Networks has published 4 new Security Advisories.
Problem
Multiple vulnerabilities have been found in the following Palo Alto Networks software:
- PAN-OS
  - CVE-2022-0024 PAN-OS: Improper Neutralization Vulnerability Leads to Unintended Program Execution During Configuration Commit (Severity: HIGH)
    https://security.paloaltonetworks.com/CVE-2022-0024
- Cortex XDR Agent
  - CVE-2022-0025 Cortex XDR Agent: An Uncontrolled Search Path Element Leads to Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
    https://security.paloaltonetworks.com/CVE-2022-0025
  - CVE-2022-0026 Cortex XDR Agent: Unintended Program Execution Leads to Local Privilege Escalation (PE) Vulnerability (Severity: MEDIUM)
    https://security.paloaltonetworks.com/CVE-2022-0026
- Cortex XSOAR
  - CVE-2022-0027 Cortex XSOAR: Incorrect Authorization Vulnerability When Generating Reports (Severity: MEDIUM)
    https://security.paloaltonetworks.com/CVE-2022-0027
Implication
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Need
Review each of the Advisories and perform the necessary Solution Steps. If that isn’t possible, please review and perform the Workarounds/Mitigation steps.
Additional Resources
All Current Palo Alto Networks Security Advisories:
https://security.paloaltonetworks.com/
________________________________
Microsoft Releases May 2022 Security Updates
Situation
Microsoft has released software security updates.
Problem
Multiple vulnerabilities have been found in Microsoft software.
Implication
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Need
CISA encourages users and administrators to review Microsoft’s May 2022 Security Update Summary and Deployment Information and apply the necessary updates.
Additional Resources
CISA Announcement:
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/11/microsoft-releases-may-2022-security-updates
Microsoft May 2022 Security Update Summary:
https://msrc.microsoft.com/update-guide/releaseNote/2022-May
Microsoft Deployment Information:
https://msrc.microsoft.com/update-guide/deployments
________________________________
U.S. Government Attributes Cyberattacks on SATCOM Networks to Russian State-Sponsored Malicious Cyber Actors
Situation
CISA and FBI have updated the joint advisory regarding Russian activity in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the Russian invasion.
Problem
Russian activity targeting SATCOM networks poses a threat to SATCOM network providers’ customer environments.
Implication
Disruption of SATCOM networks could cause unexpected damage to infrastructure.
Need
Follow the recommendations outlined by the advisory on improving and securing SATCOM network equipment.
Additional Resources:
Joint Advisory: