Microsoft Releases November 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Holiday Shopping, Phishing, and Malware Scams

As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency CISA encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may send emails and ecards containing malicious links or...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage. The Cybersecurity...

U.S. Cyber Command Shares Seven New Malware Samples

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends...

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

The Cybersecurity and Infrastructure Security Agency CISA has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal, and territorial SLTT governments,...

CSET Version 9.2 Now Available

The Cybersecurity and Infrastructure Security Agency CISA has released version 9.2 of its Cyber Security Evaluation Tool CSET. CSET is a desktop software tool that guides asset owners and operators through a consistent process for evaluating control system networks as part of a comprehensive...

National Critical Infrastructure Security and Resilience Month

November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure CI relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping our Nation and communities safe and secure. Everyone is...

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, and the Department of Defense DoD have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the...

Google Releases Security Updates for Chrome

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities CVE-2019-13720 was detected in exploits in the wild. The Cybersecurity and...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...

MS-ISAC Releases EOS Software Report List

The Multi-State Information Sharing and Analysis Center MS-ISAC has released an end-of-support EOS software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and is, therefore, susceptible to exploitation from security...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA...

Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors

Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center MSTIC routinely tracks malicious activity originating from the Russian advanced persistent threat APT group 2...

FTC Provides Tips for Warding Off Hackers

The Federal Trade Commission FTC has released an article with tips on how protect your personal information from being stolen by hackers. In support of National Cybersecurity Awareness Month NCSAM, FTC provides recommendations on how to safeguard phones, computers, accounts, and personally...

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...

ACSC Releases Advisory on Emotet Malware Campaign

The Australian Cyber Security Centre ACSC has released an advisory on an ongoing, widespread Emotet malware campaign. Emotet is a Trojan—commonly spread via malicious email attachments—that attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. AC...

FBI Expands Election Security Resources

The Federal Bureau of Investigation FBI has released additional election security resources as part of the Protected Voices initiative. Created in partnership with FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence, Protected Voices is an effort to...

IRS Releases Recommendations to Keep Children and Teens Safe Online

The Internal Revenue Service IRS has issued a news release urging parents and families to be wary of the risks posed when sharing home devices, shopping online, and using social media. As part of National Cybersecurity Awareness Month NCSAM, the Cybersecurity and Infrastructure Security Agency CI...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Mozilla...

NCSC Releases 2019 Annual Review

The United Kingdom's UK National Cyber Security Centre NCSC has released its Annual Review for 2019, which reports their work and key accomplishments from September 1, 2018, to August 31, 2019. NCSC provides enhanced services to protect the UK against cybersecurity threats. The Cybersecurity and...

EOL D-Link Routers Vulnerable to Remote Command Execution

The CERT Coordination Center CERT/CC has released information on a vulnerability CVE-2019-16920 affecting multiple D-Link routers. A remote attacker could exploit this vulnerability to take control of an affected device. D-Link no longer provides support to the affected end-of-life EOL devices, a...

FBI Releases Article on Defending Against E-Skimming

The Federal Bureau of Investigation FBI has released an article to raise awareness on e-skimming threats. E-skimming occurs when an attacker injects malicious code onto a website to capture credit or debit card data or personally identifiable information PII. The Cybersecurity and Infrastructure...

Juniper Networks Releases Junos OS Security Advisory

Juniper Networks has released a security update to address a vulnerability in Junos OS. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Juniper Security...

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Google Releases Security Updates for Chrome

Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Beware of Stalking Apps

The Federal Trade Commission FTC has released an article warning consumers of “stalking apps”—spyware that secretly monitors smartphones. These apps can share information like call history, text messages, photos, GPS locations, and browser history without the user's knowledge. Although this can b...

FTC Promotes International Charity Fraud Awareness Week

The Federal Trade Commission FTC has released an article promoting International Charity Fraud Awareness Week ICFAW, which runs October 21–25. FTC, the National Association of State Charities Officials, and state and international partners coordinated this campaign to help both charities and dono...

NSA and NCSC Release Joint Advisory on Turla Group Activity

The National Security Agency NSA and the United Kingdom National Cyber Security Centre NCSC have released a joint advisory on advanced persistent threat APT group Turla—widely reported to be Russian and also known as Snake, Uroburos, VENEMOUS BEAR, or Waterbug. The advisory provides an update to...

ISC Releases Security Advisories for BIND

The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructu...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. The Cybersecurity an...

Multiple Vulnerabilities in Pulse Secure VPN

The CERT Coordination Center CERT/CC has released information on multiple vulnerabilities affecting Pulse Secure Virtual Private Network VPN. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been targeted by advanced persistent thre...

VMware Releases Security Update for Harbor Container Registry for PCF

VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry PCF. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Oracle Releases October 2019 Security Bulletin

Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users a...

WordPress Releases Security Update

WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the WordPress Securi...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

Google Releases Security Updates for Chrome

Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

ACSC Releases Small Business Cybersecurity Guide

The Australian Cyber Security Centre ACSC has released a cybersecurity guide for small businesses. The guide provides checklists to help small businesses protect themselves against common cybersecurity incidents. The Cybersecurity and Infrastructure Security Agency CISA encourages small business...

FBI Releases Article on Defending Against Phishing and Spearphishing Attacks

In recognition of National Cybersecurity Awareness Month NCSAM, the Federal Bureau of Investigation FBI has released an article to raise awareness of phishing and spearphishing. The article provides guidance on recognizing and avoiding these types of attacks. The Cybersecurity and Infrastructure...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

Intel Releases Security Updates

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

iTerm2 Vulnerability

The CERT Coordination Center CERT/CC has released information on a vulnerability CVE-2019-9535 affecting iTerm2, a macOS terminal emulator. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages user...

Microsoft Releases October 2019 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Apple...

NSA Releases Advisory on Mitigating Recent VPN Vulnerabilities

The National Security Agency NSA has released an advisory on advanced persistent threat APT actors exploiting multiple vulnerabilities in Virtual Private Network VPN applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and...

IC3 Issues Alert on Ransomware

The Internet Crime Complaint Center IC3 has released an alert on ransomware threats to U.S. businesses and organizations. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Cyber criminals often infect organizations with ransomware through...

Vulnerabilities Exploited in Multiple VPN Applications

The United Kingdom UK National Cyber Security Centre NCSC has released an alert on advanced persistent threat APT actors exploiting vulnerabilities in Virtual Private Network VPN applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. The...

Microsoft Reports Cyberattacks on Targeted Email Accounts

The Microsoft Threat Intelligence Center MSTIC has released a blog post describing an increase in malicious cyber activity from the Iranian group known as Phosphorus. These threat actors are exploiting password reset or account recovery features to take control of targeted email accounts. The...

NCSC Releases Fact Sheet on DNS Monitoring

The Dutch National Cyber Security Centre NCSC has released a fact sheet on the increasing difficulty of Domain Name System DNS monitoring. NCSC warns that although modernization of transport protocols is helpful, it also makes it more difficult to monitor or modify DNS requests. These changes cou...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

Microsoft Re-Releases Security Updates

Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. The Cybersecurity an...