Security

HPE security advisory (AV22-449) – Canadian Centre for Cyber Security

Number: AV22-449Date: 10 August 2022 On 9 August 2022, HPE published Security Bulletins to address vulnerabilities in the following products: HPE ProLiant – multiple versions and platforms HPE Synergy 480 Gen10 Plus Compute Module – versions prior to 1.62_07-14-2022 The Cyber Centre encourages users and administrators to review the provided web link and apply the […]

read more

Artificial Intelligence – ITSAP.00.040 – Canadian Centre for Cyber Security

August 2022 | Awareness series The world we live in is being transformed by Artificial Intelligence (AI). This developing technology uses intelligent computer programs (i.e. learning algorithms) to find complex patterns in data to make predictions or classifications. AI is used today to perform specific tasks, such as to use facial recognition to access your mobile device […]

read more

Don’t take the bait: Recognize and avoid phishing attacks – ITSAP.00.101

Step 1: The bait The scammer tailors a message to look like a legitimate one from a major bank or service. Using spoofing techniques the message is sent to numerous recipients in the hope that some will take the bait and fall for the scam. In phishing and whaling attacks, the scammer first gathers details […]

read more

Microsoft security advisory – August 2022 monthly rollup (AV22-448)

Number: AV22-448Date: 9 August 2022 On 9 August 2022, Microsoft published Security Updates to address vulnerabilities in multiple products. Included were critical updates for the following: Azure Batch – versions prior to 1.9.27 Microsoft Exchange Server – multiple versions Windows 11 Windows 10 – multiple versions Windows 8.1 – multiple versions Windows 7 Windows Server […]

read more

Citrix security advisory (AV22-447) – Canadian Centre for Cyber Security

Number: AV22-447Date: 9 August 2022 On 9 August 2022, Citrix published a Security Bulletin to address a vulnerability in the following product: Citrix Hypervisor 7.1 LTSR CU2 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates. Source link

read more

IBM security advisory (AV22-438) – Canadian Centre for Cyber Security

Number: AV22-438Date: 8 August 2022 Between 1 and 7 August 2022 IBM published Security Bulletins to address vulnerabilities in multiple products. Included were critical updates for the following: IBM DRM – version 2.0.6.13 IBM Sterling B2B Integrator – version 6.0.0.0 to 6.0.3.6, 6.1.0.0 to 6.1.0.5 and 6.1.1.1 IBM Sterling File Gateway – version 6.0.0.0 to […]

read more

Microsoft Edge security advisory (AV22-437)

Number: AV22-437Date: 8 August 2022 On 5 August 2022 Microsoft published a Security Update to address vulnerabilities in the following product: Microsoft Edge – versions prior to 104.0.1293.47 The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Source link

read more

Domain Name Service (DNS) Tampering – ITSAP.40.021

DNS security (DNSSEC) DNSSEC is a method of improving data integrity and authentication security. DNSSEC secures data exchanged in DNS and helps protect sensitive information stored in your DNS records. It provides cryptographic authentication of DNS data. It also provides authenticated denial of existence by allowing a DNSSEC-enabled resolver to confirm that a particular domain […]

read more

Top 10 IT security action items: No.2 patch operating systems and applications – ITSM.10.096

August 2022 | Management series Foreword This document is an unclassified publication that is part of a suite of documents that focus on each of the top 10 IT security actions recommended in ITSM.10.089 Top 10 Information Technology Security Actions to Protect Internet Connected Networks and InformationFootnote 1. Effective date This publication takes effect on August 5, […]

read more

Containers Vulnerability Scanner: Trivy – Hacking Articles

This article talks about Trivy, which is a simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for Continuous Integration and Testing. Table of Contents Introduction Installation Scanning Git Repository Scanning Container Image Scanning Filesystem Scanning the running Containers Embed Trivy in Dockerfile Introduction Trivy is an open-source tool by aqua security to […]

read more

[Control systems] Digi International security advisory (AV22-435)

Number: AV22-435Date: 4 August 2022 On 4 August 2022 ICS-CERT published an ICS Advisory to highlight a vulnerability in the following product: Digi ConnectPort X2D Gateway – all firmware versions manufactured prior to January 2020 Exploitation of this vulnerability could lead to arbitrary code execution. The Cyber Centre encourages users and administrators to review the […]

read more

Cisco security advisory (AV22-434) – Canadian Centre for Cyber Security

Number: AV22-434Date: 3 August 2022 On 3 August 2022 Cisco published Security Advisories to address vulnerabilities in multiple products. Included were critical updates for the following: Cisco Small Business RV Series Routers – multiple versions and platforms Exploitation of these vulnerabilities could lead to arbitrary code execution or cause a denial of service. The Cyber […]

read more