4188 matches found
Google Releases Security Updates for Chrome
Google has released Chrome version 91.0.4472.77 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisory for Firefox 88.0.1 and apply the necessary updates...
Verify Your Valentine
This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked on hope, they turn...
Heightened Awareness for Iranian Cyber Activity
Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service DDoS attacks, and theft of personally identifiable information PI...
Hurricane-Related Scams
June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency CISA warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often...
ACSC Releases Securing Content Management Systems Guide
The Australian Cyber Security Centre ACSC has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems CMS. This guidance provides effective mitigation strategies organizations can use to better protect their...
CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments
The Cybersecurity and Infrastructure Security Agency CISA has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial SLTT governments,...
Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors
Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center MSTIC routinely tracks malicious activity originating from the Russian advanced persistent threat APT group 2...
FBI Expands Election Security Resources
The Federal Bureau of Investigation FBI has released additional election security resources as part of the Protected Voices initiative. Created in partnership with FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence, Protected Voices is an effort to...
NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities
The National Security Agency NSA has released an advisory on advanced persistent threat APT actors exploiting multiple vulnerabilities in Virtual Private Network VPN applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and...
Atlassian Releases Security Updates for Jira
Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
ICSJWG Spring Meeting April 23–25
The Industrial Control Systems Joint Working Group ICSJWG—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. ICSJWG facilitates information sharing...
Multiple Vulnerabilities in WPA3 Protocol
The CERT Coordination Center CERT/CC has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Microsoft Releases November 2018 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and...
VMware Releases Security Advisory
VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the...
Google Releases Security Update for Chrome
Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Release page and apply the necessary update. Thi...
Intel Firmware Vulnerability
Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourag...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisor...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Joomla! Releases Security Update for CMS
Joomla! has released version 3.7.1 of its Content Management System CMS software to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the Joomla! Security Release and...
Intel Firmware Vulnerability
Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect...
Google Releases Security Update for Chrome
Google has released Chrome version 57.0.2987.98 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply th...
SMB Security Best Practices
In response to public reporting of a potential Server Message Block SMB vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive...
Adobe Releases Security Update for Adobe Connect
Adobe has released a security update to address a vulnerability in Adobe Connect for Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Adobe Security Bulletin APSB16-17 and apply the...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 46 Firefox ESR 38.8 Firefox ESR 45.1 Users and...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition on an affected system. US-CERT encourages users and administrators to review the following Cisco Security...
Apple Releases Multiple Security Updates
Apple has released security updates for iOS, watchOS, tvOS, Xcode, OS X El Capitan, OS X Server 5.1, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS 9.3...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 45 Firefox ESR 38.7 Users and administrators ar...
OpenSSL Releases Security Advisory
OpenSSL versions 1.0.2f and 1.0.1r have been released to address vulnerabilities in prior versions. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the...
IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials
The Internet Crime Complaint Center IC3 has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. In addition to doxing the act of gathering and publishing individuals' personal information without permission, threat actors have...
Apache Commons Collections Java Library Vulnerability
US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...
VMware Releases Security Advisory
VMware has released security updates to address security vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 a...
Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025
US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from...
IC3 Issues Alert on Gift Card Scams
The Internet Crime Complaint Center IC3 has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges. When purchasing gift cards, look for...
Microsoft Releases June 2015 Security Bulletin
Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-056 through...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service DoS condition, interface queue...
"Misfortune Cookie" Broadband Router Vulnerability
Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. Users and administrators are encouraged to review...
Apple Releases Security Updates for iOS and Apple TV
Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later Apple ...
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system. Updates available include: Chrome 38.0.2125.104 for Windows, Mac and Linux Chrome OS 38.0.2125.108 for all...
Apple Releases OS X bash Update 1.0
Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell bash which could allow a remote attacker to execute arbitrary shell commands. US-CERT recommends users and administrators review Apple Security Update HT6495, TA14-268A, Vulnerability Note VU252743...
CPNI Releases Paper on Improving Defenses Against Targeted Attack
The United Kingdom's Centre for the Protection of National Infrastructure CPNI has released a report on its “Improving Defenses Against Targeted Attack" iDATA cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by natio...
Microsoft Releases Security Advisory for Improperly Issued Digital Certificates
Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Users and administrators are...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.145 for Windows,...
OpenSSL Releases Security Advisory
OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code. The following updates are available: OpenSSL 0.9.8 SSL/TLS users shoul...
Mozilla Releases Security Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, execute arbitrary code, conduct phishi...
Apple Releases Security Updates for iOS devices and Apple TV
Apple has released updates for iOS and Apple TV devices to address a vulnerability that allows an attacker with a privileged network position to capture or modify data in protected SSL/TLS sessions. Updates are available: iOS 6.1.6 for iPhone 3GS and iPod touch 4th generation. iOS 7.0.6 for iPhon...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.44 or earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 or earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affected...
Reports of D-Link Router Backdoor
US-CERT is aware of reports that the firmware for various D-Link routers contains a backdoor that allows unauthenticated remote users to bypass the routers' password authentication mechanism. An unauthenticated remote attacker can take any action as an administrator using the remote management we...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...