7x Second Security [28-March-2022]
Do this: Patch immediately.
Why: On Friday, Google dispatched an out-of-band security update to address a high severity vulnerability in its Chrome browser that is being actively exploited in the wild.
Additional Info: https://thehackernews.com/2022/03/google-issues-urgent-chrome-update-to.html
Using HP printers?
Do this: Patch immediately and follow the company provided mitigation instructions.
Why: HP has published security advisories for three critical-severity vulnerabilities affecting its LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models that could be exploited for information disclosure, remote code execution, and denial of service.
Additional Info: https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printer-models-vulnerable-to-remote-code-execution/
Do this: Mandate multi-factor authentication (but not SMS-based), make use of modern authentication options such as OAuth or SAML, review individual sign-ins for signs of anomalous activity, and monitor incident response communications for unauthorized attendees.
Why: Okta has been compromised by theLAPSUS$ hackers resulting in targeted SSO supply chain attacks. They also have access to customers downstream and have the ability to carry out malicious actions in their apps.
Additional Info: https://thehackernews.com/2022/03/microsoft-and-okta-confirm-breach-by.html