CISA and CNMF Analysis of SolarWinds-related Malware
CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...
CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities
CISA has issued supplemental direction to Emergency Directive (ED) 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening requirements for federal agencies. Specifically, this update directs federal departments and agencies ...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and...
SaltStack Patches Critical Vulnerabilities in Salt
SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrator...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2018-1050 an...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119...
CISA Has Added One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited...
CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise
CISA has released an analysis report, AR21-134A Eviction Guidance for Networks Affected by the SolarWinds and Active Directory/M365 Compromise. The report provides detailed steps for affected organizations to evict the adversary from compromised on-premises and cloud environments. Additionally,...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the...
Google Releases Security Updates for Chrome
Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...
North Korean Malicious Cyber Activity: AppleJeus
CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S...
NCIJTF Releases Ransomware Factsheet
The National Cyber Investigative Joint Task Force (NCIJTF) has released a joint-sealed ransomware factsheet to address current ransomware threats and provide information on prevention and mitigation techniques. The Ransomware Factsheet was developed by an interagency group of subject matter experts...
EOL D-Link Routers Vulnerable to Remote Command Execution
The CERT Coordination Center (CERT/CC) has released information on a vulnerability (CVE-2019-16920) affecting multiple D-Link routers. A remote attacker could exploit this vulnerability to take control of an affected device. D-Link no longer provides support to the affected end-of-life (EOL) devices, a...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server
The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Cente...
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address a vulnerability (CVE-2022-32893) in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Exploitation of this vulnerability could allow an attacker to take control of an affected device. CISA encourages...
Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)
On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager (ICM). SAP applications help organizations manage critical business processes—such as...
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review th...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected...
Cisco Releases Security Advisory for Vulnerability in AnyConnect Software
Cisco has released security updates to address vulnerabilities in AnyConnect Secure Mobility Client Software and Security Manager. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache...
Apache Releases Security Advisory for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
NCSC-NZ Releases Cyber Governance Resource for Leaders
The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with...
Apache Releases Security Advisory for Apache Struts
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...
ISC Releases Security Advisories for DHCP, BIND
The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition...
Oracle Releases Critical Patch Update for April 2011
Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server; 9 updates for Oracle Fusion Middleware; 1 update for Oracle Enterprise Manager Grid...
CISA Announces Vulnerability Disclosure Policy (VDP) Platform
CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The VDP Platform provides a...
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critic...
Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software
Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
MS-ISAC Releases Advisory on DrayTek Devices
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agenc...
ISC Releases BIND Security Updates
The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA)...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information. US-CERT encourages users and administrators to review the Samba Security Announcements for...
Enhanced Analysis of GRIZZLY STEPPE
The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to...
ISC dhclient Vulnerability
The Internet Systems Consortium (ISC) has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine. US-CERT encourages administrators of this product to review the ISC advisory. Users ...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise. Note: To view the newly added...
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For advisories...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85,...
Google Releases Security Updates for Chrome
Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. T...
CERT/CC Reports Vulnerability in Universal Plug and Play Protocol
The CERT Coordination Center (CERT/CC) has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Securi...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security...
Microsoft Releases Out-of-Band Security Updates
Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The National Cybersecurity and...
Apache Releases Security Update for Apache Tomcat JK Connectors
The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review the...
Microsoft Releases June Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, and Dynamics AX as part of the Microsoft Security Bulletin Summary for June 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated...
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Known Indicators of Compromise Associated with Androxgh0st Malware, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with threat actors...