Exim Releases Security Update
Exim has released a security update to address a vulnerability affecting Exim versions 4.92 to 4.92.2. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Prepare for National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance (NCSA)—to ensure every American has the resources they need t...
MS-ISAC Releases Advisory on PHP Vulnerability
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Hypertext Preprocessor (PHP). An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users a...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Appl...
Cisco Releases Security Advisories
Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apple’s...
Canadian Centre for Cyber Security Releases Advisory on New Ransomware Campaign
The Canadian Centre for Cyber Security (CCCS) has released an advisory on a new ransomware campaign. The malware, named TFlower, may infect users via exposed, unpatched Remote Desktop Protocol (RDP) services. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to revie...
Adobe Releases Security Updates for ColdFusion
Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...
Microsoft Releases Out-of-Band Security Updates
Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
CISA Releases Four New Insights Products
The Cybersecurity and Infrastructure Security Agency (CISA) has released four new CISA Insights products informed by U.S. intelligence and real-world events. Each of the following products provides a description of the threat, lessons learned, recommendations, and additional relevant resources:...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMwar...
Google Releases Security Updates for Chrome
Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Releas...
VMware Releases Security Updates for Multiple Products
VMware has released security updates to address vulnerabilities in ESXi and vCenter. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Securi...
2019 CWE Top 25 Most Dangerous Software Errors
MITRE has released the 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list. The Top 25 is a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of...
MS-ISAC Releases Security Event Primer on Malware
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network,...
Microsoft Releases September 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...
Google Releases Security Updates for Chrome
Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to revie...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
North Korean Malicious Cyber Activity
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean...
FBI Safe Online Surfing Challenge
The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that...
U.S. Cyber Command Shares 11 New Malware Samples
U.S. Cyber Command has released 11 malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends use...
Exim Releases Security Patches
Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review th...
Ransomware Protection Strategies
The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent,...
WordPress Releases Security Update
WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Securi...
MS-ISAC Releases Advisory on PHP Vulnerabilities
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...
FBI Releases Article on Think Before You Post Campaign
The Federal Bureau of Investigation (FBI) has released an article on their Think Before You Post campaign, designed to educate students on the use of social media and how to avoid making poor choices when posting, texting, or emailing thoughts or grievances that could lead to disruptive behavior,...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
Samba Releases Security Updates
The Samba Team has released security updates to address a vulnerability in all versions of Samba from 4.9.0 onward. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...
Supermicro Releases Security Updates
Supermicro has released security updates to address vulnerabilities affecting the Baseboard Management Controller (BMC) component of Supermicro X9, X10, and X11 platforms. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and...
NCSC Releases UK Cyber Incident Trends Report
The United Kingdom (UK) National Cyber Security Centre (NCSC) has released a report detailing cyber incident trends in the UK from October 2018 to April 2019. The report provides technical guidance on how to defend against, and recover from, the following cyber threats: ransomware, phishing,...
Potential Hurricane Dorian Cyber Scams
The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting Hurricane Dorian disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direc...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review t...
September is National Preparedness Month: Be Prepared, Not Scared
National Preparedness Month (NPM) promotes family and community disaster and emergency planning. This year’s theme is “Prepared, Not Scared.” Although most people understand that being prepared is essential to getting through an emergency such as a natural disaster, there is less awareness about th...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the App...
Protect Against Romance Scams
The Federal Trade Commission (FTC) has released a short video to help users spot and defend against romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. The video includes stories that romance scammers tell to online daters to...
Google Releases Security Updates for Chrome
Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...
FISMA Annual Report to Congress
The Office of Management and Budget (OMB) has published its Fiscal Year (FY) 2018 Annual Report to Congress on the implementation of the Federal Information Security Modernization Act of 2014 (FISMA). The document includes data reported by agencies to OMB and the Cybersecurity and Infrastructure Securi...
IRS Warns of New Email Scam
The Internal Revenue Service (IRS) has issued a warning about a new email scam in which malicious cyber actors send unsolicited emails to taxpayers from fake (i.e., spoofed) IRS email addresses. The emails contain a link to a spoofed IRS.gov website that displays fake details about the targeted...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. A remote attacker could exploit these vulnerabilities to take control of an affected system. The...
CISA Strategic Intent: Defend Today, Secure Tomorrow
The Cybersecurity and Infrastructure Security Agency (CISA) has released the CISA Strategic Intent document, framing the new agency’s mission to protect the Nation’s critical infrastructure from physical and cyber threats. The document details CISA Director Christopher Krebs’ strategic vision and...
CISA Insights: Ransomware Outbreak
The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect...
Cyber Safety for Students
As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple...
Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability
Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators t...
IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan
The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates,...
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, Windows Server 2016, Windows...
Multiple HTTP/2 Implementation Vulnerabilities
The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks. T...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...