4188 matches found
Microsoft Releases Security Advisory for Windows DNS Servers
Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released security advisories that addresses vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and...
CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations
The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourag...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released...
Microsoft Releases May 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager
VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager vROps. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Cis...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Google Releases Security Updates for Chrome
Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
SaltStack Patches Critical Vulnerabilities in Salt
SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these...
Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883
Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability CVE-2020-2883 is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however,...
Cisco Releases Security Updates for IOS XE SD-WAN Solution Software
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Cisco...
WordPress Releases Security Update
WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Security...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
VMware Releases Security Updates for ESXi
VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security Advisory...
Google Releases Security Updates for Chrome
Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Juniper Releases Security Updates for Junos OS
Juniper has released security updates to address a vulnerability affecting multiple versions of Junos operating systems. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
NSA, ASD Release Guidance for Mitigating Web Shell Malware
The U.S. National Security Agency NSA and the Australian Signals Directorate ASD have jointly released a Cybersecurity Information Sheet CSI on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system...
Google Releases Security Updates for Chrome
Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
OpenSSL Releases Security Update
OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Microsoft Releases Security Updates for Multiple Products
Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. The...
IC3 Releases Alert on Extortion Email Scams
The Internet Crime Complaint Center IC3 has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The Cybersecurity and Infrastructure Security Agency CISA...
Apple Releases Security Update for Xcode
Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple security page for...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Google Releases Security Updates
Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Oracle Releases April 2020 Security Bulletin
Oracle has released its Critical Patch Update for April 2020 to address 397 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
VMware Releases Security Updates for vRealize Log Insight
VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following Inte...
Microsoft Releases April 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
VMware Releases Security Updates for VMware Directory Service
VMware has released security updates to address a vulnerability in VMware Directory Service vmdir. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Mozilla Releases Security Updates for Firefox, Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Mozil...
Google Releases Security Updates
Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agenc...
FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing
The Federal Bureau of Investigation FBI has released an article on defending against video-teleconferencing VTC hijacking referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform. Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and...
MS-ISAC Releases Advisory on DrayTek Devices
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory regarding two vulnerable command injection points in DrayTek devices CVE-2020-8515. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...
Adobe Releases Security Update for Creative Cloud Desktop Application
Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Adobe...
Microsoft RCE Vulnerabilities Affecting Windows, Windows Server
Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Drup...
Cisco Releases Security Updates for SD-WAN Solution Software
Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. The...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security...
Microsoft Releases Out-of-Band Security Updates for SMB RCE Vulnerability
Microsoft has released out-of-band security updates to address a remote code execution vulnerability CVE-2020-0796 in Microsoft Server Message Block 3.1.1 SMBv3. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security...
Microsoft Server Message Block RCE Vulnerability
Microsoft has released a security advisory to address a remote code execution vulnerability CVE-2020-0796 in Microsoft Server Message Block 3.1.1 SMBv3. A remote attacker can exploit this vulnerability to take control of an affected system. SMB is a network file-sharing protocol that allows clien...