4188 matches found
Microsoft Releases Security Advisory on Internet Explorer Vulnerability
Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.” The Cybersecurity and...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Oracle Releases January 2020 Security Bulletin
Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Securit...
Microsoft Releases January 2020 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
VMware Releases Security Update
VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security Advisory...
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
The Cybersecurity and Infrastructure Security Agency CISA has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI, Windows Remote Desktop Gateway RD Gateway, and Windows Remote Desktop Client. A remote attacker could exploit these...
CISA Releases Test for Citrix ADC and Gateway Vulnerability
The Cybersecurity and Infrastructure Security Agency CISA has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller ADC and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Securit...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Citrix Application Delivery Controller and Citrix Gateway Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the...
Google Releases Security Updates for Chrome
Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
Mozilla Patches Critical Vulnerability
Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security...
Cisco Releases Security Updates
Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager DCNM. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage...
Release of New CISA Insights on Increased Geopolitical Tensions and Threats
Stakeholders, Today, the Cybersecurity and Infrastructure Security Agency CISA issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension with Iran. You can read the new CISA Insights at CISA.gov/insights. As the Nation’s risk...
DHS Releases NTAS Bulletin
Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible threat against the homeland.” You can read the new, entire bulletin at National...
Reminder: CISA Publishes Weekly Vulnerability Summaries
Did you know that the Cybersecurity and Infrastructure Security Agency CISA publishes a weekly Vulnerability Bulletin? This recurring item provides a summary of all new vulnerabilities that have been recorded by the CISA-sponsored National Institute of Standards and Technology NIST National...
Secure New Internet-Connected Devices
During the holidays, internet-connected devices—also known as Internet of Things IoT devices—are popular gifts. These include smart cameras, smart TVs, watches, toys, phones, and tablets. Although this technology provides added convenience to our lives, it often requires that we share personal an...
Drupal Releases Security Updates
Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.7.x, and 8.8.x. An attacker could exploit some of these vulnerabilities to modify data on an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Google Releases Security Updates for Chrome for Windows, Mac, and Linux
Google has released Chrome version 79.0.3945.88 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Microsoft Releases Information on CVE-2019-1491
Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Microsoft released security updates for this vulnerability as part of its December 2019 Security Updates. The Cybersecurity a...
WordPress Releases Security and Maintenance Updates
WordPress 5.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Security...
Google Releases Security Updates for Chrome
Google has released Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Microsoft Releases December 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
VMware Releases Security Updates for ESXi and Horizon DaaS
VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review VMware Security...
NCSC-NZ Releases Cyber Governance Resource for Leaders
The New Zealand National Cyber Security Centre NCSC-NZ has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with...
ACSC Releases Fundamentals of Cross Domain Solutions
The Australian Cyber Security Centre ACSC has released a cybersecurity guide outlining the fundamentals of cross domain solution CDS technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The...
Microsoft Releases Security Advisory for Windows Hello for Business
Microsoft has released a Security Advisory to address an issue in Windows Hello for Business WHfB. An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack ROCA, to take control of an affected system. The Cybersecurity and...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...
CISA Releases Draft of Binding Operational Directive on Developing a Vulnerability Disclosure Policy
The Cybersecurity and Infrastructure Security Agency CISA has released a draft of Binding Operational Directive BOD 20-01, Develop and Publish a Vulnerability Disclosure Policy. BOD 20-01 will require each federal agency to publish a vulnerability disclosure policy VDP. CISA has posted the draft...
Cyber Monday: Tips for Safeguarding Personal Information
Cyber Monday draw millions of shoppers online for deals and savings, but this day also provides opportunities for an attacker to steal personal information. The Cybersecurity and Infrastructure Security Agency CISA reminds users to remain vigilant when browsing or shopping online. CISA encourages...
Caller Poses as CISA Rep in Extortion Scam
The Cybersecurity and Infrastructure Security Agency CISA is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone...
Black Friday Shopping: Protect Your Identity
Black Friday is one of the most lucrative shopping days of the year for retailers in brick-and-mortar shops and online, but shoppers aren't the only ones looking for deals. Malicious people may be able to obtain personal information such as credit card numbers, phone numbers, account numbers, and...
Securing Portable Electronic Devices During Travel
Holiday travelers often use portable electronic devices PEDs because they offer a range of conveniences, for example, enabling the traveler to order gifts on-the-go, access to online banking, or download boarding passes. However, these devices are vulnerable to cyberattack or theft, resulting in...
Microsoft Releases Outlook for Android Security Update
Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Microsoft Security...
ISC Releases Security Advisory for BIND
The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructur...
National Tax Security Awareness Week is December 2–6
The Internal Revenue Service IRS has released an article announcing that National Tax Security Awareness Week will be held December 2–6. The annual recognition event will feature a series of resources and tips to help taxpayers and tax professionals protect their data and identities against...
Google Releases Security Updates for Chrome
Google has released Chrome 78.0.3904.108 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Chrome...
FTC Provides Tips on Safeguarding Data Before Upgrading Mobile Phones
The Federal Trade Commission FTC has released an article with tips on how to protect personal information before trading in a mobile phone for a newer model. FTC recommends the following four steps to safeguard these devices: Back up data. Remove SIM and SD cards. Erase personal information. Veri...
NSA Releases Cyber Advisory: Managing Risk from Transport Layer Security Inspection
The National Security Agency NSA has released a Cyber Advisory that addresses managing risk from Transport Layer Security Inspection TLSI. This short, informative document defines TLSI a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted, explains some risk...
Reminder: Malware Can Exploit Improper Configurations
Protect yourself from unwanted—and potentially harmful—files or programs by adhering to vendor-recommended configurations for hardware and software. Doing so in addition to maintaining regular patch maintenance, will help give your systems and networks the best security possible. The Cybersecurit...
NCSC-NZ Releases Annual Cyber Threat Report
The New Zealand National Cyber Security Centre NCSC-NZ has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase in the severity of cybersecurity incidents—particularly from...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following Intel advisories and apply the necessary updates: BMC Advisory INTEL-SA-00313 UEFI Advisory...