4188 matches found
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
NSA Releases Guidance on Limiting Location Data Exposure
The National Security Agency NSA has released an information sheet with guidance on how to limit location data exposure for National Security System NSS / Department of Defense DoD system users, as well as the general public. NSA outlines mobile device geolocation services and provides...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address a vulnerability in VMware Fusion, Remote Console, and Horizon Client. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
Cisco Releases Multiple Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released...
Apple Releases Security Update for Xcode
Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security page for...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Point-to-Point Protocol Daemon Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take control of an affected system. Point-to-Point Protocol Daemon is used to establish...
OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol SMTP that is part of the OpenBSD Projec...
Adobe Releases Security Updates for After Effects and Media Encoder
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Adobe...
FBI Releases IC3 2019 Internet Crime Report
The Federal Bureau of Investigation FBI Internet Crime Complaint Center IC3 has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3 website. The top three crimes types reported by victims in 2019 were...
Increased Emotet Malware Activity
The Cybersecurity and Infrastructure Security Agency CISA is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts t...
Reminder: Safeguard Websites from Cyberattacks
Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency CISA encourages users and administrators to review CISA’s updated Tip on Website...
Citrix Application Delivery Controller and Citrix Gateway Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the...
Google Releases Security Updates for Chrome
Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Chrome...
NSA and NCSC Release Joint Advisory on Turla Group Activity
The National Security Agency NSA and the United Kingdom National Cyber Security Centre NCSC have released a joint advisory on advanced persistent threat APT group Turla—widely reported to be Russian and also known as Snake, Uroburos, VENEMOUS BEAR, or Waterbug. The advisory provides an update to...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
iTerm2 Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability CVE-2019-9535 affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages user...
MS-ISAC Releases Advisory on PHP Vulnerability
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on a vulnerability in Hypertext Preprocessor PHP. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users a...
FBI Safe Online Surfing Challenge
The Federal Bureau of Investigation FBI has launched the Safe Online Surfing SOS Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that...
MS-ISAC Releases Advisory on PHP Vulnerabilities
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the App...
IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan
The fifth and final step in the Internal Revenue Service IRS Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates,...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructu...
Microsoft Releases July 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Cisco Releases Security Updates for Data Center Network Manager
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager DCNM. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
VMware Releases Security Updates for Tools and Workstation
VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
PrinterLogic Print Management Software Vulnerabilities
The CERT Coordination Center CERT/CC has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages user...
Dutch NCSC Releases Updated TLS Guidelines
The Dutch National Cyber Security Centre NCSC has published an update to their Transport Layer Security TLS protocol guidelines, which aim to improve TLS configuration security. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Dutch NCSC ...
North Korean Malicious Cyber Activity
The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. The...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Cisco Releases Security Updates
Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams
The Internal Revenue Service IRS has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud...
Microsoft Releases Security Advisory for Exchange Server
Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity...
Google Releases Security Updates for Chrome
Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
Data Privacy Day
January 28 is Data Privacy Day DPD, an annual effort to promote data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance NCSA, focus around the theme, A New Era in Privacy. The NCSA Stay Safe Online website will feature a live stream of the...
CISA Emergency Directive on DNS Infrastructure Tampering
The U.S. Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA issued an emergency directive to address ongoing incidents associated with global Domain Name System DNS infrastructure tampering. CISA is aware of multiple executive branch agency domains that were...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Securit...
Oracle Releases October 2018 Security Bulletin
Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle October 2018...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Juniper Security Advisories websit...
Microsoft Releases October 2018 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s October 2018 Security Update Summary and...
North Korean Malicious Cyber Activity
The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Governme...
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below: Monday, September 24 Thursday, September 27 Tuesday, October 2 Thursday, October 4 NCCIC encourages...
September is National Preparedness Month
National Preparedness Month is a good opportunity to assess your emergency preparedness. While general preparedness is essential to getting through an emergency related to a natural disaster, the same is true of preparing for a cyber-related event, such as identity theft or a ransomware infection...
FTC Promotes Resources to Prevent Cyberbullying
The Federal Trade Commission FTC has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids' online activity and engage in conversations about preventing cyberbullying. NCCIC encourages users to...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates. This...
Linux Kernel Vulnerability
NCCIC is aware of a Linux kernel vulnerability affecting Linux versions 4.9 and greater. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Vulnerability Note VU 962459 and apply the necessary updates. This...