4188 matches found
Microsoft Releases August 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...
NCSA Webinar on Cybersecurity for Small Businesses
The National Cyber Security Alliance NCSA and INFOSEC are hosting a webinar to educate small businesses on how to protect against phishing, vishing, and smishing threats. The webinar will be held on Tuesday, August 13, 2019 from 2-3 p.m. ET. The Cybersecurity and Infrastructure Agency CISA...
ACSC Releases Advisory on Password Spraying Attacks
The Australian Cyber Security Centre ACSC has released an advisory on password spraying attacks. Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This...
Google Releases Security Updates for Chrome
Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency CISA advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to...
SWAPGS Spectre Side-Channel Vulnerability
The Cybersecurity and Infrastructure Security Agency CISA is aware of a vulnerability CVE-2019-1125 known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory...
VMware Releases Security Updates for Multiple Products
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Cylance Antivirus Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could bypass Cylance antivirus detection. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review CERT/CC...
FTC Releases Alert on the Capital One Data Breach
The Federal Trade Commission FTC has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users to check and monitor their credit report to protect against identify theft and to be aware...
IRS Reminds Tax Professionals: Beware Phishing Emails
The Internal Revenue Service IRS has issued a news release warning tax professionals of the continued threat of phishing emails. Phishing emails are one of the most common ways cyber criminals steal sensitive data. Educating personnel on the risks posed by phishing emails is part of the Taxes...
NIST Publishes Multifactor Authentication Practice Guide
The National Institute of Standards and Technology NIST National Cybersecurity Center of Excellence NCCoE has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The guide provides e-commerce organizations multifactor authentication MFA protection methods they...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review th...
CIS Releases Newsletter on Cleaning Up Data and Devices
The Center for Internet Security CIS July Newsletter reminds users to properly dispose of old or unused data and devices. Without careful management of online accounts, cloud storage, physical storage, and electronic devices, users could inadvertently disclose sensitive information that can be...
Google Releases Security Updates for Chrome
Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to revie...
CISA Releases Advisory on Wind River VxWorks Platform
The Cybersecurity and Infrastructure Security Agency CISA has released an Industrial Control Systems ICS Advisory on multiple vulnerabilities in the Wind River VxWorks Platform. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...
Steps to Safeguard Against Ransomware Attacks
The Cybersecurity and Infrastructure Security Agency CISA, Multi-State Information Sharing & Analysis Center MS-ISAC, National Governors Association NGA, and the National Association of State Chief Information Officers NASCIO have released a Joint Ransomware Statement with recommendations for sta...
Save the Date: 2019 CISA Cybersecurity Summit
The Cybersecurity and Infrastructure Security Agency CISA will be hosting the 2019 CISA Cybersecurity Summit from September 18-20, 2019, at National Harbor, MD. This summit will provide a forum for critical infrastructure stakeholders to discuss current cybersecurity topics, including emerging...
CISA Webinar: Holistic Approach to Mitigating Insider Threats
Want to recognize indicators of cybersecurity and physical insider threats? On July 29, 2019, from 2-3 p.m. ET, the Cybersecurity and Infrastructure Security Agency will host a webinar providing expert guidance for a holistic approach to detect and deter these threats. Understanding how to preven...
Vulnerabilities in Multiple VPN Applications
The Cybersecurity and Infrastructure Security Agency CISA is aware of vulnerabilities affecting multiple Virtual Private Network VPN applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages administrators to review the following...
IRS Reminds Tax Professionals: Create a Data Security Plan
The Internal Revenue Service IRS has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and...
5G Wireless Network Risk Factors
The Cybersecurity and Infrastructure Security Agency CISA has released an infographic on 5G wireless network risk factors. Although 5G technology will bring capacity, reliability, and security improvements, it may also introduce supply chain, deployment, network security, and competition and choi...
Building Resilience to Foreign Interference, Misinformation Activities
As part of the effort to Protect2020, the Cybersecurity and Infrastructure Security Agency CISA is working with national partners to build resilience to foreign interferences, particularly information activities e.g., disinformation, misinformation. The Department of Homeland Security DHS views...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the App...
Canadian Centre for Cyber Security Releases Advisory on Fileless Malware
The Canadian Centre for Cyber Security CCCS has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain...
WaterISAC Releases Cybersecurity Fundamentals
The Water Information Sharing and Analysis Center WaterISAC recently released an updated cybersecurity fundamentals guide for water and wastewater utilities. The guide includes cybersecurity best practices, grouped into 15 categories, to help sector utilities reduce exploitable weaknesses and...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Drupal Releases Security Update
Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Drupal’s security advisory...
Microsoft Releases Security Updates for PowerShell Core
Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
IRS Releases Six Cybersecurity Safeguards
The Internal Revenue Service IRS has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer...
Oracle Releases July 2019 Security Bulletin
Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
NCSC Releases 2019 Active Cyber Defence Report
The United Kingdom’s National Cyber Security Centre NCSC has released their 2019 Active Cyber Defence ACD report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom. The...
DHS Webinar: Cybersecurity Threats to the Healthcare Sector
The Department of Homeland Security DHS and the American Hospital Association AHA are conducting a webinar focused on current cybersecurity threats to the healthcare sector. The webinar will be held on Wednesday, July 17, 2019, at 1 p.m. ET. The Cybersecurity and Infrastructure Security Agency CI...
Google Releases Security Updates for Chrome
Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Chrome Relea...
NCSC Releases Advisory on Ongoing DNS Hijacking Campaign
The United Kingdom’s National Cyber Security Centre NCSC has released an advisory about an ongoing Domain Name System DNS hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the...
Atlassian Releases Security Updates for Jira
Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...
Juniper Networks Releases Multiple Security Updates
Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrator...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA...
Mozilla Releases Security Updates for Firefox and Firefox ESR
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
Intel Releases Security Updates
Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructu...
Microsoft Releases July 2019 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels
The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the...
ACSC Releases Updated Essential Eight Maturity Model
The Australian Cyber Security Centre ACSC has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...
VMware Releases Security Advisory for Multiple Products
VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the VMwar...
NCSC Releases Advisory on Ryuk Ransomware
The United Kingdom UK National Cyber Security Centre NCSC has released an advisory, Ryuk Ransomware Targeting Organisations Globally, on their ongoing investigation into global Ryuk ransomware campaigns and associated Emotet and TrickBot malware. The Cybersecurity and Infrastructure Security Agen...
Google Releases Security Updates for Chrome OS
Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the Googl...
Cisco Releases Security Updates for Data Center Network Manager
Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager DCNM. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...