11 matches found
Critical ForgeRock Access Management Vulnerability
Malicious cyber actors are actively exploiting a pre-authorization remote code execution vulnerability CVE-2021-35464 in ForgeRock Access Management—a commercial open access management solution that is based on OpenAM, an open-source access management solution. An attacker exploiting this...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations...
Malicious Activity Targeting COVID-19 Research, Vaccine Development
In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom UK, and Canada, the Cybersecurity and Infrastructure Security Agency CISA, UK’s National Cyber Security Centre NCSC, Canada’s Communications Security Establishment CSE, and t...
Caller Poses as CISA Rep in Extortion Scam
The Cybersecurity and Infrastructure Security Agency CISA is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone...
Multiple Vulnerabilities in Pulse Secure VPN
The CERT Coordination Center CERT/CC has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network VPN. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent thre...
Vulnerability in Multiple VPN Applications
The CERT Coordination Center CERT/CC has released information on a vulnerability affecting multiple Virtual Private Network VPN applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages...
VK.com: Злом (virus).. Смотрим кто голосовал в анонимном опросе!!
Просмотр участников в некоторых анонимных опросах...
Symantec Releases Security Update
Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Symantec Security Advisory and...
Microsoft Addresses Shadow Brokers Exploits
The Microsoft Security Response Center MSRC has published information on several recently publicized exploit tools which affect various Microsoft products. Users and administrators are reminded that software no longer supported by Microsoft also known as end-of-life EOL software is particularly a...
Certain TLS Implementations Vulnerable to POODLE Attacks
A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and administrators to review TA14-290A for...
WordPress Releases Version 3.1.1
WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition. US-CERT encourages users and...