Technagroup Inc.

Security News

1. Cisco Releases Security Advisories for Cisco Integrated Management Controller

   Cisco has released security advisories for vulnerabilities in the Cisco integrated management controller. A remote cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. 

   Users and administrators are encouraged to review the following advisories and apply the necessary updates: 

   • Cisco Integrated Management Controller CLI Command Injection Vulnerability
   • Cisco Integrated Management Controller Web-Based Management Interface Command Injection Vulnerability

2. Oracle Releases Critical Patch Update Advisory for April 2024

   Oracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

   Users and administrators are encouraged to review the following Critical Patch Update Advisory and apply the necessary updates:  

   • April 2024 Critical Patch Update Advisory

3. CISA and Partners Release Advisory on Akira Ransomware

   Today, CISA, the Federal Bureau of Investigation (FBI), Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Akira Ransomware, to disseminate known Akira ransomware tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as February 2024.

   Evolving from an initial focus on Windows systems to a Linux variant targeting VMware ESXi virtual machines, Akira threat actors began deploying Megazord (a Rust-based code) and Akira (written in C++), including Akira_v2 (also Rust-based) in August 2023. Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia and claimed approximately $42 million (USD) in ransomware proceeds.

   CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of Akira and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage and the updated #StopRansomware Guide.

4. CISA Releases Three Industrial Control Systems Advisories

   CISA released three Industrial Control Systems (ICS) advisories on April 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

   • ICSA-24-109-01 Unitronics Vision Series PLCs
   • ICSA-21-287-03 Mitsubishi Electric MELSEC iQ-R Series (Update B)
   • ICSA-21-250-01 Mitsubishi Electric MELSEC iQ-R Series (Update B)

   CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

5. CISA Releases Four Industrial Control Systems Advisories

   CISA released four Industrial Control Systems (ICS) advisories on April 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

   • ICSA-24-107-01 Measuresoft ScadaPro
   • ICSA-24-107-02 Electrolink FM/DAB/TV Transmitter
   • ICSA-24-107-03 Rockwell Automation ControlLogix and GuardLogix
   • ICSA-24-107-04 RoboDK RoboDK

   CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.