CISA adds Critical CWP vulnerability to Known Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has added one Critical Control Web Panel (CWP) vulnerability to its Known Exploited Vulnerabilities Catalog.
Cybersecurity
Google releases Chrome 102 (102.0.5005.115) security updates with fixes for 4 High severity vulnerabilities
eleased Chrome version 102.0.5005.115 for Windows, Mac and Linux, with fixes for seven vulnerabilities (four rated High severity).
Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.
5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions
Several years ago, the Federal Trade Commission (FTC) released a good video that is still highly relevent today. The video explains how companies can leverage NIST’s Cybersecurity Framework to greatly improve security in their organization. In this article, we highlight the five key tenants from the framework and how they could have possibly prevented FTC action and penalties.
DOJ Framework for vulnerability disclosure
The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program.