Telecrane F25 Series

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit Vendor: Telecrane Equipment: F25 Series Vulnerability: Authentication Bypass by Capture-Replay 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands,...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerabilities: Stack-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful...

GAIN Electronic Co. Ltd SAGA1-L Series

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: GAIN Electronic Co. Ltd Equipment: SAGA1-L series Vulnerabilities: Authentication Bypass by Capture-replay, Improper Access Control, Improper Authentication 2. RISK EVALUATION...

FTC Promotes International Charity Fraud Awareness Week

The Federal Trade Commission FTC has released an announcement promoting the first International Charity Fraud Awareness Week ICFAW. FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort to raise awareness about donating wisely to...

Microsoft Releases Security Update for Yammer

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the...

NCSC Releases 2018 Annual Review

The United Kingdom's UK National Cyber Security Centre NCSC has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats. NCCIC encourages users and...

libssh Releases Security Updates

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the libssh Security Release for additional...

Drupal Releases Security Updates

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessa...

Cisco Releases Security Updates

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and...

Omron CX-Supervisor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Omron Equipment: CX-Supervisor Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Out-Of-Bounds Read, Use-After-Free, Incorrect Type Conversion or Cast 2. UPDATE INFORMATION This updated advisory is a follow-up to the...

Oracle Releases October 2018 Security Bulletin

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle October 2018...

FBI Releases Article on Defending Against Payroll Phishing Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers...

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerabilities: Untrusted Pointer Dereference, Out-of-Bounds Read, Integer Overflow to Buffer Overflow, Path...

National Cybersecurity Awareness Month: Workplace Cybersecurity

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility share...

Google Releases Security Update for Chrome

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. Th...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...

Delta Industrial Automation TPEditor

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Delta Electronics Equipment: Delta Industrial Automation TPEditor Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could crash the...

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools...

NUUO NVRmini2 and NVRsolo

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: NUUO Equipment: NVRmini2, NVRsolo Vulnerabilities: Stack-based Buffer Overflow, Leftover Debug Code 2. RISK EVALUATION Successful exploitation of these...