Internet Romance Scams
The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone...
WIBU SYSTEMS AG WibuKey Digital Rights Management (Update D)
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits available Vendor: WIBU-SYSTEMS AG Equipment: WibuKey Digital Rights Management (DRM) Vulnerabilities: Information Exposure, Out-of-bounds Write, Heap-based Buffer Overflow 2. UPDATE...
Marvell Avastar Wi-Fi Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC)...
AVEVA InduSoft Web Studio and InTouch Edge HMI
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: AVEVA Software, LLC (AVEVA) Equipment: InduSoft Web Studio and InTouch Edge HMI (formerly InTouch Machine Edition) Vulnerabilities: Missing Authentication for Critical Function, Resource Injection...
Microsoft Releases Security Advisory for Exchange Server
Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity...
Rockwell Automation EtherNet/IP Web Server Modules
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: EtherNet/IP Web Server Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker...
IDenticard PremiSys (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/vulnerability details have been publicly disclosed Vendor: IDenticard Equipment: PremiSys Vulnerabilities: Use of Hard-coded Credentials, Use of Hard-coded Password, Inadequate Encryption Strength 2...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure...
MS-ISAC Releases Advisory on DNS Flag Day
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension...
Google Releases Security Updates for Chrome
Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and...
Yokogawa License Manager Service
1. EXECUTIVE SUMMARY CVSS v8.1 ATTENTION: Exploitable remotely Vendor: Yokogawa Equipment: License Manager Service Vulnerability: Unrestricted Upload of Files with Dangerous Type 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely upload files,...
BD FACSLyric (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low skill level to exploit Vendor: Becton, Dickinson and Company (BD) Equipment: FACSLyric Vulnerability: Improper Access Control 2. UPDATE INFORMATION This updated medical device advisory is a follow-up to the original advisory titled ICSMA-19-029-02 BD...
CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks
The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration...
CISA Releases Blog on Emergency Directive
The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs has released a blog, titled “Why CISA Issued Our First Emergency Directive,” to explain considerations in issuing Emergency Directive 19-01 on January 22, 2019. The...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure...
Johnson Controls Facility Explorer
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Facility Explorer Vulnerabilities: Path Traversal, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to read, write, and delete...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Securit...
Drupal Releases Security Updates
Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and...
Oracle Releases January 2019 Security Bulletin
Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part...