4188 matches found
MS-ISAC Releases Advisory on PHP Vulnerabilities
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...
Tax Guidance as Deadline Approaches
As this year's April 17 tax deadline approaches, NCCIC/US-CERT offers taxpayers guidance to help protect their personal, financial, and tax information. Hackers can take advantage of taxpayers by using social engineering scams to attempt to steal personally identifiable information. NCCIC...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. A remote attacker could exploit these vulnerabilities to cause a denial-of service condition. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0008 a...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary...
FTC Warns of Online Dating Scams
The Federal Trade Commission FTC has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams and the...
Tax Identity Theft Awareness Week
Tax Identity Theft Awareness Week is January 29 to February 2, and many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service IRS imposter scams. NCCIC/US-CERT encourages consumers to revi...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMwar...
Mozilla Releases Security Update
Mozilla has released a security update to address a vulnerability in Firefox. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory and update to Firefox 57.0.4. This produc...
North Korean Malicious Cyber Activity
The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT...
Securing Mobile Devices During Holiday Travel
As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. US-CERT encourages users to...
Apache Software Foundation Releases Security Updates
The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apache Securit...
National Tax Security Awareness Week: IRS Helps Taxpayers Protect Against Cyber Criminals
As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service IRS is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft. US-CERT encourages taxpayers to visit the IRS National Tax Security...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR...
Joomla! Releases Security Update
Joomla! has released version 3.8.2 of its Content Management System CMS software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Joomla! Security Release an...
Google Releases Security Update for Chrome
Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...
Protecting Critical Infrastructure from Cyber Threats
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial...
The Internet Wants You: Consider a Career in Cybersecurity
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of...
Apple Releases Security Update for iOS
Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 52.4 and Firefox 56. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisories...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary...
Hurricane-Related Scams
As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to...
Apache Software Foundation Releases Security Update
The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review the Apache Security Bulletin and Vulnerability Note...
Symantec Releases Security Update
Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Symantec Security Advisory and...
FTC Releases Alert on Government Grant Scams
The Federal Trade Commission FTC has released an alert on government grant scams. In these schemes, scammers pose as government officials to get consumers to send them money. Anytime someone asks you to pay money to get money, stop and think twice. US-CERT encourages consumers to refer to the FTC...
IC3 Releases Alert on Gift Card Scams
The Internet Crime Complaint Center IC3 has released an alert warning consumers of music gift card scams. This type of scam targets victims, gains their confidence, and tricks them into providing gift card information. To stay safer online, review the IC3 alert on Online Scammers Require Payment...
McAfee Releases Security Bulletin for Web Gateway
McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review McAfee Security Bulletin SB10205 and apply the necessary...
Cisco Releases Security Updates
Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories...
Cisco Releases Security Updates
Cisco has released security updates to address several Simple Network Management Protocol SNMP vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cis...
Microsoft Releases July 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's July 2017 Security Update Summary and Deployment Informatio...
Drupal Releases Security Updates
Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to...
Mozilla Releases Security Update
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2...
Google Releases Security Updates for Chrome
Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and app...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Google Releases Security Updates for Chrome
Google has released Chrome version 58.0.3029.96 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome page and apply the necessary updates. This...
FTC Releases Announcement on Identity Theft
The Federal Trade Commission FTC recommends that consumers who are affected by identity theft file a report at IdentityTheft.gov—a one-stop resource to help you report and recover from identity theft. Information provided there includes checklists, sample letters, and links to other resources...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address a vulnerability in ColdFusion. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review Adobe Security Bulletin APSB17-14 and apply the necessary updates...
Cisco Releases Security Updates
Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-servi...
Microsoft Addresses Shadow Brokers Exploits
The Microsoft Security Response Center MSRC has published information on several recently publicized exploit tools which affect various Microsoft products. Users and administrators are reminded that software no longer supported by Microsoft also known as end-of-life EOL software is particularly a...
VMware Releases Security Updates
VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition. Users and administrators are encouraged to review the following Cisco Security Advisori...
WordPress Releases Security Update
WordPress 4.7.2 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.3...
OpenSSL Releases Security Update
OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the...
FBI Releases Article on Romance Scams
The Federal Bureau of Investigation FBI has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FBI article on Romance Scams and...
Cisco Releases Security Updates
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply th...
Data Privacy Day Events
As Data Privacy Day DPD approaches, US-CERT recommends that users and businesses learn more about how to protect their privacy and personal information. DPD is celebrated every January 28 and is an international effort to promote the importance of data privacy. DPD is sponsored by the National...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin...
Microsoft Releases December 2016 Security Bulletin
Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Microsoft Security Bulletins...
McAfee Releases Security Bulletin for Virus Scan Enterprise
McAfee has released a security bulletin to address multiple vulnerabilities in Virus Scan Enterprise software versions 2.0.3 and earlier. Some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review McAfee...