4188 matches found
Microsoft Releases Security Updates for Windows
Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments
The Cybersecurity and Infrastructure Security Agency CISA, U.S. Department of the Treasury, Internal Revenue Service IRS, and United States Secret Service USSS have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly...
Steps to Safeguard Against Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency CISA, Multi-State Information Sharing & Analysis Center MS-ISAC, National Governors Association NGA, and the National Association of State Chief Information Officers NASCIO have released a Joint Ransomware Statement with recommendations for sta...
Save the Date: 2019 CISA Cybersecurity Summit
The Cybersecurity and Infrastructure Security Agency CISA will be hosting the 2019 CISA Cybersecurity Summit from September 18-20, 2019, at National Harbor, MD. This summit will provide a forum for critical infrastructure stakeholders to discuss current cybersecurity topics, including emerging...
FBI Releases Article on Securing the Internet of Things
The Federal Bureau of Investigation FBI has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things IoT. FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities...
Bluetooth Vulnerability
NCCIC is aware of a vulnerability affecting Bluetooth firmware and operating system software drivers. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review Vulnerability Note VU 304725 for more information and refer...
Global Threats to Information Systems
The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is...
IC3 Issues Alert on Tech Support Fraud
The Internet Crime Complaint Center IC3 has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending...
IC3 Warns of Impersonation Scams
The Internet Crime Complaint Center IC3 has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited...
Potential Hurricane Harvey Phishing Scams
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a...
Joomla! Releases Security Update for CMS
Joomla! has released version 3.6.5 of its Content Management System CMS software to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website. US-CERT encourages users and administrators to review the Joomla!...
Google Releases Security Updates for Chrome
Google has released Chrome version 54.0.2840.99 for Windows and version 54.0.2840.98 for Linux. These new versions address multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in DNG Software Development Kit SDK, Brackets, Creative Cloud Desktop Application, and Cold Fusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. Available updates include: Drupal core 6.38 for 6.x users Drupal core 7.43 for 7.x users Drupal core 8.0.4 for 8.0.x...
US Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing...
Scams Exploiting Boston Marathon Explosion
Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the...
Oracle Releases Critical Patch Update for January 2012
Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 1 for Oracle Fusion Middleware 3 for Oracle E-Business Suite 1 for Oracle Supply Chain Products...
Internet System Consortium Releases BIND Advisory
The Internet System Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...
Apple Releases QuickTime 7.6.8
Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows. The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code...
Adobe Releases Security Update for Adobe Reader and Acrobat
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh Exploitation of...
Microsoft Releases Out-of-Band Security Bulletin Update
Microsoft has released an update to its Security Bulletin Summary for March 2010 and has included the out-of-band bulletin MS10-018. This bulletin addresses ten vulnerabilities in Internet Explorer, including one previously announced in Microsoft Security Advisory 981374. The most severe of these...
Google Releases Chrome 4.0.249.78
Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition. US-CERT encourages users and...
Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858
Newly disclosed vulnerability Common Vulnerabilities and Exposures CVE-2026-24858link is external Common Weakness Enumeration CWE-288: Authentication Bypass Using an Alternate Path or Channellink is external allows malicious actors with a FortiCloud account and a registered device to log in to...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2021-21311link is external Adminer Server-Side Request Forgery Vulnerability CVE-2025-20352link is external Cisco IOS and IOS XE Software SNMP Denial of Servic...
CISA and FBI Release Secure by Design Alert on Eliminating OS Command Injection Vulnerabilities
Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices CVE-2024-20399link is external,...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
Atlassian Releases Security Advisory for Confluence Data Center and Server
Atlassian released a security advisory to address a vulnerability CVE-2023-22518 affecting Confluence Data Center and Server. A cyber actor could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review CVE-2023-22518 - Improper Authorization...
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System IOS XE Software Web User Interface UI. An unauthenticated remote actor could exploit these...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-40044 Progress WSFTP Server Deserialization of Untrusted Data Vulnerability CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on January 26, 2023.These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems ICS advisories on January 17, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Juniper Networks’ security advisories page and...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
CISA and ACSC Release Top 2021 Malware Strains
CISA and the Australian Cyber Security Centre ACSC have published a joint Cybersecurity Advisory on the top malware strains observed in 2021. Malicious cyber actors often use malware to covertly compromise and then gain access to a computer or mobile device. As malicious cyber actors have been...
CISA Updates Advisory on Cyber Actors Continued Exploitation of Log4Shell in VMware Horizon Systems
CISA has updated the joint CISA-United States Coast Guard Cyber Command CGCYBER Cybersecurity Advisory AA22-174A: Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon, originally released June 23, 2022. The advisory now includes IOCs provided in Malware Analysis Report...
FBI and FinCEN Release Advisory on AvosLocker Ransomware
The Federal Bureau of Investigation FBI and the Department of the Treasury’s Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based...
Juniper Networks Releases Security Updates for Multiple Products
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page an...
NCSC Releases 2021 Annual Review
The United Kingdom UK National Cyber Security Centre NCSC has released its Annual Review 2021, which focuses on its response to evolving and challenging cyber threats. The publication contains highlights of NCSC’s collaboration with trusted cybersecurity partners, including CISA. Examples include...
Citrix Releases Security Updates
Citrix has released security updates to address vulnerabilities affecting multiple versions of Citrix Application Delivery Controller ADC, Gateway, and SD-WAN WANOP. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to...
BrakTooth Proof of Concept Tool Demonstrates Bluetooth Vulnerabilities
On November 1, 2021, researchers publicly released a BrakTooth proof-of-concept PoC tool to test Bluetooth-enabled devices against potential Bluetooth exploits using the researcher’s software tools. BrakTooth—originally disclosed in August 2021—is a family of security vulnerabilities in commercia...
CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware
CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have released joint Cybersecurity Advisory CSA: BlackMatter Ransomware. Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including ...
NSA Releases Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques
The National Security Agency NSA has released a Cybersecurity Information CSI sheet with guidance to help secure the Department of Defense, National Security Systems, and Defense Industrial Base organizations from poorly implemented wildcard Transport Layer Security TLS certificates and the...
Drupal Releases Security Updates
Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Drupal security...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache’s security advisory and apply the...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Drupal Releases Security Updates
Drupal has released security updates to address a vulnerability affecting Drupal 8.9, 9.0, and 9.1. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-003 and apply the necessary updat...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
Update to CISA-FBI Joint Cybersecurity Advisory on DarkSide Ransomware
CISA and the Federal Bureau of Investigation FBI have updated Joint Cybersecurity Advisory AA21-131A: DarkSide Ransomware: Best Practices for Preventing Disruption from Ransomware Attacks, originally released May 11, 2021. This update provides a downloadable STIX file of indicators of compromise...
Exim Releases Security Update
Exim has released a security update to address multiple vulnerabilities in Exim versions prior to 4.94.2. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Exim 4.94.2 update page and apply t...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...