Unpatched Microsoft Exchange Servers Vulnerable to CVE-2020-0688
Microsoft Exchange Servers affected by a remote code execution vulnerability, known as CVE-2020-0688, continue to be an attractive target for malicious cyber actors. A remote attacker can exploit this vulnerability to take control of an affected system that is unpatched. Although Microsoft...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
Microsoft Releases March 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Defending Against COVID-19 Cyber Scams
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or...
Zoho Releases Security Update on ManageEngine Desktop Central
Zoho has released a security update on a vulnerability (CVE-2020-10189) affecting ManageEngine Desktop Central build 10.0.473 and below. A remote attacker could exploit this vulnerability to take control of an affected system. ManageEngine Desktop Central is a unified endpoint management solution...
Point-to-Point Protocol Daemon Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Point-to-Point Protocol Daemon versions 2.4.2 through 2.4.8. A remote attacker can exploit this vulnerability to take control of an affected system. Point-to-Point Protocol Daemon is used to establish...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...
NCSC Releases Advisory on Securing Internet-Connected Cameras
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an advisory on securing internet-connected cameras such as smart security cameras and baby monitors. An attacker could gain access to unsecured, or poorly secured, internet-connected cameras to obtain live feeds or images. The...
ACSC Releases Securing Content Management Systems Guide
The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining strategies for identifying and minimizing risks to web servers from installed content management systems (CMS). This guidance provides effective mitigation strategies organizations can use to better protect their...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.132 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Social Security Administration Designates March 5 as National ‘Slam the Scam’ Day
In association with the Federal Trade Commission’s National Consumer Protection Week, the Social Security Administration (SSA) has designated March 5 as National “Slam the Scam” Day to educate Americans about telephone scammers impersonating government employees. These scammers aim to gain potentia...
National Consumer Protection Week
National Consumer Protection Week (NCPW) is March 1–7. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting FXOS, NX-OS, and Unified Computing System (UCS) software. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cis...
New CWE List of Common Security Weaknesses
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the...
OpenSMTPD Releases Version 6.6.4p1 to Address a Critical Vulnerability
OpenSMTPD has released version 6.6.4p1 to address a critical vulnerability. A remote attacker could exploit this vulnerability to take control of an affected server. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Projec...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Google Releases Security Updates for Chrome
Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although Google published an entry on these updates on Tuesday, February 18, the associated Common...
Adobe Releases Security Updates for After Effects and Media Encoder
Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The...
VMware Releases Security Updates for vRealize Operations for Horizon Adapter
VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean...
Be Cautious of Romance Scams
This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their confidence, and convince them to transfer funds. When online dating, use caution and never...
New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools
The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12...
FBI Releases IC3 2019 Internet Crime Report
The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3 website. The top three crime types reported by victims in 2019 were...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel...
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Microsoft Releases February 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Safer Internet Day
February 11, 2020, is Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's theme—Together for a better internet—encourages everyone to play their part in creating a safer, more secure...
ACSC Releases Advisory on Mailto Ransomware Incidents
The Australian Cyber Security Centre (ACSC) has released an advisory on Mailto ransomware incidents. The ACSC has limited information regarding the initial intrusion vector for Mailto, also known as Kazakavkovkiz, but evidence suggests that Mailto actors may have used phishing and password spray...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. The Cybersecurity and...
Google Releases Security Updates for Chrome
Google has released Chrome 80 version 80.0.3987.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
IRS Launches “Identity Theft Central” Webpage
The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud. The...
OpenSMTPD Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part o...
Adobe Releases Security Updates for Magento
Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Open Source editions. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Cisco Releases Security Updates for Cisco Small Business Switches
Cisco has released security updates to address vulnerabilities affecting Cisco Small Business Switches. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Tax Identity Theft Awareness Week
Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to help educate the public on how to protect against identity theft this tax season...
Data Privacy Day: A Vision for the Future
January 28 is Data Privacy Day, an annual effort to empower individuals and organizations to respect privacy, safeguard data, and enable trust. This year, the National Cyber Security Alliance (NCSA) is bringing together experts on U.S. and international privacy for A Vision for the Future, an...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and Infrastructure Security Agenc...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The Cybersecurity...
Citrix Releases Security Updates for SD-WAN WANOP
Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful...
IC3 Issues Alert on Employment Scams
The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber...
Increased Emotet Malware Activity
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts t...
Reminder: Safeguard Websites from Cyberattacks
Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Google Releases Security Updates for Chrome
Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory
Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citr...