4188 matches found
North Korean Malicious Cyber Activity
The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Governme...
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below: Monday, September 24 Thursday, September 27 Tuesday, October 2 Thursday, October 4 NCCIC encourages...
FTC Promotes Resources to Prevent Cyberbullying
The Federal Trade Commission FTC has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids' online activity and engage in conversations about preventing cyberbullying. NCCIC encourages users to...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates. This...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in Cisco Prime Collaboration Provisioning. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the...
Malicious Cyber Activity Targeting ERP Applications
Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning ERP applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-19 and apply the necessary updates. This...
ISC Releases Security Advisories for BIND
The Internet Systems Consortium ISC has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC...
Cisco Releases Security Updates for Multiple Products
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the...
Apache Software Foundation Releases Security Update
The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Apache Security Bulletin and make the...
FTC Releases Article on Choosing VPN Apps for Mobile Phones
The Federal Trade Commission FTC has issued guidance to consumers considering using a Virtual Private Network VPN for their mobile phones. Some mobile phone users choose to use VPNs to shield the information on their phones when using public Wi-Fi networks. NCCIC/US-CERT encourages consumers to...
Apple Releases Security Update for macOS High Sierra
Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. An attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU113765 and the Apple...
Windows ASLR Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability in Windows Address Space Layout Randomization ASLR that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages use...
National Cybersecurity Awareness Month: Simple Steps to Online Safety
October is National Cybersecurity Awareness Month NCSAM, an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance NCSA has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security...
Microsoft Releases September 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's September 2017 Security Update Summary and Deployment...
Juniper Networks Releases Multiple Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and ScreenOS. A remote attacker could exploit several of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Juniper Security Advisorie...
Joomla! Releases Security Update
Joomla! has released version 3.7.3 of its Content Management System CMS software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the Joomla! Security...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefo...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply t...
Intel Firmware Vulnerability
Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect...
Microsoft Ending Security Updates for Windows 10 version 1507
After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates. US-CERT encourages users and administrators to review Microsoft's Windows 10 version 1507 post for more information and to apply necessary updates. This product is provided subject to this...
IC3 Warns of Increase in BEC/EAC Schemes
The Internet Crime Complaint Center IC3 has issued an alert describing a growing number of scams targeting businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. These sophisticated scams are classified as business email compromise BEC or email...
Apple Releases Security Update
Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for Logic Pro X and apply the necessary...
WordPress Releases Security Update
WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2. US-CERT encourages user...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in its Cisco CloudCenter Orchestrator. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of one of these vulnerabilities could allow a remote attacker to take over an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and appl...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its IOS XR Software for ASR 9001 Aggregation Services Routers. Exploitation of this vulnerability could allow an remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cis...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Ju...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released version ntp-4.2.8p8 to address multiple vulnerabilities in ntpd. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review Vulnerability...
ImageMagick Vulnerability
ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and administrators are encouraged...
Google Releases Security Update for Chrome
Google has released Chrome version 50.0.2661.94 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releas...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities could allow a remote attacker to create a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply...
Symantec Releases Security Update
Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...
ISC Releases Security Updates for BIND
The Internet Systems Consortium ISC has released updates that address three vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P4 BIND 9 version 9.10.3-P4 BIND 9 version...
Google Releases Security Update for Chrome
Google has released Chrome version 48.0.2564.109 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome...
ISC Releases Security Updates for BIND
The Internet Systems Consortium ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P3 BIND 9 version 9.10.3-P3 BIND 9 versio...
Microsoft Releases January 2016 Security Bulletin
Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-001...
Mozilla Releases Security Updates
Mozilla has released security updates to address a vulnerability in Firefox. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. Available updates include: Firefox 43.0.2 Firefox ESR 38.5.2 US-CERT encourages users and...
Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P2 BIND 9 version 9.10.3-P2 BIND 9 version 9.9.8-S3 Users and...
IRS Releases Second Tax Security Tip
The Internal Revenue Service IRS has released the second in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. US-CERT and IRS recommend...
OpenSSL Patches Multiple Vulnerabilities
OpenSSL has released updates patching four vulnerabilities. Exploitation of one of these vulnerabilities could allow an attacker to cause a denial-of-service condition. Updates available include: OpenSSL 1.0.2e for 1.0.2 users OpenSSL 1.0.1q for 1.0.1 users OpenSSL 1.0.0t for 1.0.0 users OpenSSL...
Symantec Releases Security Update
Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service DoS condition. Users and administrators are encouraged to review the NTP Security Notice...
Apple Releases Security Updates for OS X Server, iTunes, Xcode, and iOS
Apple has released security updates for OS X Server, iTunes, Xcode, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server v5.0.3 for OS X Yosemite v10.10....
Mozilla Releases Security Updates for Firefox
The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Available updates include: Firefox 40.0.3 Firefox ESR 38.2.1 US-CERT encourage...