VMware Releases Security Update for VeloCloud
VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory...
CISA Releases Securing Industrial Control Systems: A Unified Initiative
The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy—developed in collaboration with industry and government partners—lays out CISA's plan to improve,...
F5 Releases Security Advisory for BIG-IP TMUI RCE vulnerability, CVE-2020-5902
F5 has released a security advisory to address a remote code execution (RCE) vulnerability—CVE-2020-5902—in the BIG-IP Traffic Management User Interface (TMUI). An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CIS...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Microsoft Releases Security Updates for Windows 10, Windows Server
Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...
Palo Alto Releases Security Updates for PAN-OS
Palo Alto Networks has released security updates to address a vulnerability affecting the use of Security Assertion Markup Language in PAN-OS. An unauthenticated attacker with network access could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure...
Netgear Router Vulnerabilities
Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to update to the most recent firmware version and to replace end-of-life...
Apache Releases Security Advisory for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software
Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. The Cybersecurity and...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address multiple vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Google Releases Security Updates for Chrome
Google has released Chrome version 83.0.4103.116 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Adobe Releases Security Updates for Magento
Adobe has released security updates to address vulnerabilities in Magento Commerce 1 and Magento Open Source 1. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrato...
ACSC Releases Advisory on Cyber Campaign using Copy-Paste Compromises
The Australian Cyber Security Centre (ACSC) has released an advisory regarding an ongoing cyber campaign involving “copy-paste compromises” targeting Australian government and commercial networks. According to the advisory, a sophisticated malicious cyber actor is carrying out the campaign using...
Microsoft Releases Security Updates for Windows
Microsoft has released security updates to address a vulnerability in Windows 10 version 1903. An attacker could exploit this vulnerability to overwrite or modify a protected file and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
CERT NZ Releases Advisory on Ransomware Campaign
The New Zealand Computer Emergency Response Team (CERT NZ) has released an advisory on a ransomware campaign leveraging remote access technologies. Malicious cyber actors are targeting organizations’ networks through remote access tools, such as Remote Desktop Protocol and virtual private networks,...
Cisco Releases Multiple Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...
ISC Releases Security Advisories for BIND
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructu...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.8, 8.9, and 9.0. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators ...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following...
Google Releases Security Updates for Chrome
Google has released Chrome version 83.0.4103.106 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Ripple20 Vulnerabilities Affecting Treck IP Stacks
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of multiple vulnerabilities, known as Ripple20, affecting Treck IP stack implementations for embedded systems. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages user...
WordPress Releases Security and Maintenance Update
WordPress 5.4.1 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Securi...
IC3 Releases Alert on Mobile Banking Apps
The Internet Crime Complaint Center (IC3) has released an alert warning consumers of cyber risks associated with mobile banking apps. As more consumers rely on mobile apps for banking, malicious cyber actors are likely to increasingly target them with app-based banking Trojans and fake banking apps...
VMware Releases Security Update for Horizon Client for Windows
VMware has released a security update to address a vulnerability in Horizon Client for Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Securi...
Microsoft Releases June 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
CERT/CC Reports Vulnerability in Universal Plug and Play Protocol
The CERT Coordination Center (CERT/CC) has released information on a vulnerability—CVE-2020-12695—affecting versions of the Universal Plug and Play (UPnP) protocol released before April 17, 2020. UPnP protocol allows networked devices to discover and connect with each other. A remote attacker could...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player, Experience Manager, and Framemaker. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Unpatched Microsoft Systems Vulnerable to CVE-2020-0796
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available and functional proof-of-concept (PoC) code that exploits CVE-2020-0796 in unpatched systems. Although Microsoft disclosed and provided updates for this vulnerability in March 2020, malicious cyber actors are...
Google Releases Security Updates for Chrome
Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cis...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
Apple Releases Security Updates
Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages...
Cisco Releases Security Updates for NX-OS Software
Cisco has released security updates to address a vulnerability in NX-OS Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security...
Hurricane-Related Scams
June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Cisco Releases Security Updates for CML and VIRL-PE
Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity...
NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the App...
Microsoft Releases Security Update for Edge
Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020
The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and...
CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments
The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Apple Releases Security Update for Xcode
Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Securit...
VMware Releases Security Update for Cloud Director
VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Google Releases Security Updates for Chrome
Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...