4188 matches found
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary...
CISA Releases Advisory on Destructive Malware Targeting Organizations in Ukraine
CISA and the Federal Bureau of Investigation have released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provides recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Cisco Releases Security Updates for RV Series Routers
Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX335432 and apply the necessary updates. This product ...
SAP Releases January 2022 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for January 2022 and apply the necessa...
VMware Releases Security Updates
VMware has released a security advisory to address a vulnerability in Workstation, Fusion, and ESXi. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-0001 and apply the necessa...
NSA and CISA Release Final Part IV of Guidance on Securing 5G Cloud Infrastructures
CISA has announced the joint National Security Agency NSA and CISA publication of the final of a four-part series, Security Guidance for 5G Cloud Infrastructures. Part IV: Ensure Integrity of Cloud Infrastructure focuses on platform integrity, microservices infrastructure integrity, launch time...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and apply the necessary updates...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla security advisories for Firefox...
SonicWall Releases Security Advisory for SMA 100 Series Appliances
SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access SMA 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with...
2021 CWE Most Important Hardware Weaknesses
The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration CWE Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation of the most frequent...
Malware Discovered in Popular NPM Package, ua-parser-js
Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a...
CISA Releases Guidance: IPv6 Considerations for TIC 3.0
The federal government has prioritized the transition of federal networks to Internet Protocol version 6 IPv6 since the release of Office of Management and Budget OMB Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07. That memorandum...
Google Releases Security Updates for Chrome
Google has released Chrome version 93.0.4577.82 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
Cisco Releases Security Updates for Cisco Enterprise NFVIS
Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software NFVIS Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower...
Google Releases Security Updates for Chrome
Google has released Chrome version 93.0.4577.63 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Thi...
CISA’s CSET Tool Sets Sights on Ransomware Threat
CISA has released a new module in its Cyber Security Evaluation Tool CSET: the Ransomware Readiness Assessment RRA. CSET is a desktop software tool that guides network defenders through a step-by-step process to evaluate their cybersecurity practices on their networks. CSET—applicable to both...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA...
VMware Releases Security Update
VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround. This product is...
SAP Releases April 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary...
SAP Releases March 2021 Security Updates
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP Security Notes for March 2021 and apply the necessary...
Microsoft Releases Alternative Mitigations for Exchange Server Vulnerabilities
Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021. CISA and Microsoft encourages organizations to upgrade their on-premises Exchange environments to the lates...
Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments
CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the...
National Cyber Security Centre Cyber Awareness Campaign
The United Kingdom UK National Cyber Security Centre NCSC has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay safe online. The six Cyber Aware behaviors recommended by the NSCS are: 1. Use a separate password for your email 2. Create strong passwords...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Adobe...
Adobe Releases Security Updates for Magento
Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
CISA and MS-ISAC Release Ransomware Guide
The Cybersecurity and Infrastructure Security Agency CISA and the Multi-State Information Sharing & Analysis Center MS-ISAC have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
ACSC Releases Annual Cyber Threat Report for 2019–2020
The Australian Cyber Security Centre ACSC has released its annual report on key cyber threats and statistics from 2019–2020. The report highlights that phishing and spearphishing are still the most common cyberattacks, and ransomware has become a significant threat to operations across multiple...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity an...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have identified a malware variant—referred to as BLINDINGCAN—used by North Korean actors. CISA encourages users and administrators to review Malware Analysis Report MAR-10295134-1.v1 and CISA’s...
Malicious Cyber Actors Continue to Target SBA with Fraudulent Schemes
The U.S. Small Business Administration SBA is aware of fraudulent schemes and scams targeting its ongoing economic relief efforts. The SBA requests that suspected SBA-related spoofing or phishing fraud be reported to the SBA Office of the Inspector General OIG Hotline at 800-767-0385 or online at...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrato...
Adobe Releases Security Updates for Magento
Adobe has released security updates to address vulnerabilities in Magento Commerce 2 formerly known as Magento Enterprise Edition and Magento Open Source 2 formerly known as Magento Community Edition. An attacker could exploit some of these vulnerabilities to take control of an affected system. T...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
Google Releases Security Updates for Chrome
Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
VMware Releases Security Update for Horizon Client for Windows
VMware has released a security update to address a vulnerability in Horizon Client for Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Securi...
Microsoft Releases June 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
Apple Releases Security Update for Xcode
Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security page for...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourag...
VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager
VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager vROps. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
WordPress Releases Security Update
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Security...
IC3 Releases Alert on Extortion Email Scams
The Internet Crime Complaint Center IC3 has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The Cybersecurity and Infrastructure Security Agency CISA...
Google Releases Security Updates
Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...