CISA Adds 15 Known Exploited Vulnerability to Catalog https://ift.tt/BsKupCq Original release date: March 15, 2022 | Last revised: March 16, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent […]

Updated: Kubernetes Hardening Guide https://ift.tt/2KrcxLg Original release date: March 15, 2022 The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community.  Kubernetes is an open-source system that automates deployment, scaling, and management […]

Stolen Nvidia certificates used to sign malware—here’s what to do https://ift.tt/rifB6Ny As we wrote on March 3, 2022 Nvidia, was recently attacked by the LAPSUS$ ransomware group. The ensuing data leak included two of NVIDIA’s code signing certificates. Those certificates are now being used to sign malware. Leaked signing certificates from major vendors like Nvidia […]

CaddyWiper: New wiper malware discovered in Ukraine https://ift.tt/zFySCr4 This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations ESET researchers have uncovered yet another destructive data wiper that was used in attacks against organizations in Ukraine. Dubbed CaddyWiper by ESET analysts, […]

‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices https://ift.tt/FalWtG9 Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. “A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has […]