4188 matches found
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following Intel...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway RD Gateway, and Windows Remote Desktop Client. A remote attacker could exploit these...
WordPress Releases Security and Maintenance Updates
WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Security...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...
Google Releases Security Updates for Chrome
Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Multiple Vulnerabilities in Pulse Secure VPN
The CERT Coordination Center CERT/CC has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network VPN. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent thre...
iTerm2 Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability CVE-2019-9535 affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages user...
Prepare for National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month NCSAM, which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency CISA and its public and private partners—including the National Cyber Security Alliance NCSA—to ensure every American has the resources they need t...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in ESXi and vCenter. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Securi...
2019 CWE Top 25 Most Dangerous Software Errors
MITRE has released the 2019 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean...
NCSC Releases UK Cyber Incident Trends Report
The United Kingdom UK National Cyber Security Centre NCSC has released a report detailing cyber incident trends in the UK from October 2018 to April 2019. The report provides technical guidance on how to defend against, and recover from, the following cyber threats: ransomware, phishing,...
Potential Hurricane Dorian Cyber Scams
The Cybersecurity and Infrastructure Security Agency CISA warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direc...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Google Releases Security Updates for Chrome
Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
FTC Releases Alert on the Capital One Data Breach
The Federal Trade Commission FTC has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users to check and monitor their credit report to protect against identify theft and to be aware...
ACSC Releases Updated Essential Eight Maturity Model
The Australian Cyber Security Centre ACSC has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Dell Releases Security Advisory for Dell SupportAssist
Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Dell Security...
FTC Releases Alert on Updating Software
The Federal Trade Commission FTC has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information. The Cybersecurity and Infrastructure Security Agency CISA encourages consumers to review the FTC article and FTC’s OnGuardOnline for...
IC3 Issues Alert on HTTPS Phishing
The Internet Crime Complaint Center IC3 has released an alert on Hypertext Transfer Protocol Secure HTTPS phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Google Releases Security Update for Chrome
Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to revie...
Mozilla Releases Security Updates for Firefox, Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Adobe Securit...
North Korean Malicious Cyber Activity
The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified a malware variant—referred to as ELECTRICFISH—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. The...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Google Releases Security Updates for Chrome
Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Supply Chain Integrity Month
April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency CISA, the Office of the Director of National Intelligence ODNI, and the Department of Defense DOD are partnering to promote the importance of supply chain security and risk management. Breaches in the supp...
ASUS Releases Security Update for Live Update Software
ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CISA encourages users a...
Intel Releases Security Advisories on Multiple Products
Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Google Releases Security Updates for Chrome
Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security...
IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams
The Internal Revenue Service IRS has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Cis...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Mozilla...
Microsoft Releases February 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provid...
runc Open-Source Container Vulnerability
The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a vulnerability affecting several open-source container management systems that leverage runc. NCCIC encourages users and administrators to review...
NSA Releases Updated Guidance on Side-Channel Vulnerabilities
The National Security Agency NSA has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center NCCIC,...
CISA Emergency Directive on DNS Infrastructure Tampering
The U.S. Department of Homeland Security DHS Cybersecurity and Infrastructure Security Agency CISA issued an emergency directive to address ongoing incidents associated with global Domain Name System DNS infrastructure tampering. CISA is aware of multiple executive branch agency domains that were...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This...
Holiday Scams and Malware Campaigns
As the holidays approach, the Cybersecurity and Infrastructure Security Agency CISA reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefo...
Microsoft Releases Security Update for Yammer
Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the...
Apple Releases Security Updates for iCloud, iOS
Apple has released security updates to address vulnerabilities in iCloud for Windows and iOS. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Apple security pages for iCloud for Windows 7.7 and...
North Korean Malicious Cyber Activity
The Department of Homeland Security, the Department of the Treasury, and the Federal Bureau of Investigation have identified malware and other indicators of compromise used by the North Korean government in an ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Governme...
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
NCCIC will conduct a series of webinars on Protecting Enterprise Network Infrastructure Devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below: Monday, September 24 Thursday, September 27 Tuesday, October 2 Thursday, October 4 NCCIC encourages...
Microsoft Releases September 2018 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's September 2018 Security Update Summary and...