WordPress Releases Security Update

WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Securi...

Microsoft Releases August 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

IRS Reminds Tax Professionals: Beware Phishing Emails

The Internal Revenue Service IRS has issued a news release warning tax professionals of the continued threat of phishing emails. Phishing emails are one of the most common ways cyber criminals steal sensitive data. Educating personnel on the risks posed by phishing emails is part of the Taxes...

CIS Releases Newsletter on Cleaning Up Data and Devices

The Center for Internet Security CIS July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be...

CISA Releases Advisory on Wind River VxWorks Platform

The Cybersecurity and Infrastructure Security Agency CISA has released an Industrial Control Systems ICS Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...

Vulnerabilities in Multiple VPN Applications

The Cybersecurity and Infrastructure Security Agency CISA is aware of vulnerabilities affecting multiple Virtual Private Network VPN applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following...

Microsoft Releases Security Updates for PowerShell Core

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

IRS Releases Six Cybersecurity Safeguards

The Internal Revenue Service IRS has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer...

VMware Releases Security Advisory for Multiple Products

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the VMwar...

Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels

The CERT Coordination Center CERT/CC has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages...

Tips for a Cyber Safe Vacation

As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices. The Cybersecurity and Infrastructure Security Agency...

Intel Releases Security Updates, Mitigations for Multiple Products

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency CISA encourag...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the App...

Google Releases Security Update for Chrome

Google has released Chrome version 74.0.3729.108 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to revi...

Drupal Releases Security Updates

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Oracle Releases April 2019 Security Bulletin

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Intel Releases Security Updates, Mitigations for Multiple Products

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Microsoft Ending Support for Windows 7

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free: Technical support for any issues Software updates Security updat...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure...

CISA Awareness Briefing on Chinese Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers MSPs. Briefings will be held from 1–2 p.m. ET on the dates listed below: Wednesday, February 6 Friday, February 22...

CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

The CERT Coordination Center CERT/CC has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration...

Microsoft Releases January 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-...

SamSam Ransomware

The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. NCCIC encourages users and administrators to review Alert AA18-337A: SamSam...

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators ...

FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses

The Federal Trade Commission FTC has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information. NCCIC encourag...

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary...

FBI Releases Article on Defending Against Payroll Phishing Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security...

APTs Targeting IT Service Provider Customers

The National Cybersecurity and Communications Integration Center NCCIC has received multiple reports of advanced persistent threat APT actors actively exploiting trust relationships in information technology IT service provider networks around the world. NCCIC encourages users and administrators ...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefo...

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month NCSAM. NCSAM is a collaborative effort between DHS and its public and private partners—including the National Cyber Security Alliance NCSA—to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. NCCIC will be...

DNSSEC Key Signing Key Rollover

On October 11, 2018, the Internet Corporation for Assigned Names and Numbers ICANN will be changing the Root Zone Key Signing Key KSK used in the Domain Name System DNS Security Extensions DNSSEC protocol. DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important...

Apple Releases Security Update for macOS Mojave

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple's security page for macOS Mojave 10.14 and apply...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0023 a...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in Horizon 6, 7, and Horizon Client for Windows. An attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0019 and apply...

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC is holding a webinar on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A today from 1–2:30 p.m. ET. The webinar will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources tha...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.9 and appl...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR and Firefox. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firef...

Mozilla Releases Security Update

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Firefox 60.0.2 and Firefo...

Red Hat Addresses DHCP Client Vulnerability

Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol DHCP client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to...

FTC Promotes Privacy Awareness Week

The Federal Trade Commission FTC has released an announcement promoting Privacy Awareness Week PAW May 14–18, 2018. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “From Principles to Practice,” focuses on...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...