Every week, we catalog the major industrial cybersecurity vulnerabilities and updates you should know about. Here are the notable threats from the week of May 15 - 21.
May 19, 2022
Berkeley Internet Name Domain (BIND)
The Internet Systems Consortium (ISC) released a security advisory for a vulnerability found in BIND that could allow an attacker to cause a denial-of-service condition.
Sources: ISC, CISA
Mitsubishi Electric
The Mitsubishi Electric MELSEC iQ-F Series contains an improper input validation vulnerability.
Sources: Mitsubishi Electric, CISA
CISA
CISA released an analysis of its FY21 risk and vulnerability assessments, explaining the successive tactics an attacker could use to compromise an organization by exploiting vulnerabilities.
Sources: CISA Analysis, CISA
May 18, 2022
F5 Networks
CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA) due to the active exploitation of a vulnerability that affects F5 Networks BIG-IP devices.
Sources: CISA, CISA
VMware
CISA issued an Emergency Directive and released a CSA due to the active exploitation of multiple vulnerabilities in VMware products.
Sources: CISA Emergency Directives, CISA, CISA CSA
May 17, 2022
Joint Cybersecurity Advisory
Cybersecurity authorities of the U.S., Canada, New Zealand, the Netherlands and the U.K. released a joint CSA on 10 routinely exploited vulnerabilities and how to mitigate them.
Sources: Joint CSA, CISA
Apple
Apple released security updates for multiple products due to vulnerabilities that could allow an attacker to gain control of affected systems.
Sources: Apple, CISA
May 16, 2022
Apache
Apache released a security advisory for Tomcat due to a vulnerability that could allow an attacker to obtain sensitive information.
Sources: Apache, CISA
CISA
CISA added two vulnerabilities to its Known Exploited Vulnerabilities Catalog.
Sources: