4188 matches found
WordPress Releases Security Update
WordPress 5.0 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security...
Bomb Threats Emailed Around the World
The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a worldwide email campaign targeting businesses and organizations with bomb threats. The emails claim that a device will detonate unless a ransom ...
Google Releases Security Updates for Chrome
Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
Microsoft Releases December 2018 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the...
FTC Issues Alert on Recent Marriott Breach
The Federal Trade Commission FTC has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database. NCCIC encourages users and administrators to review the FTC Alert and the...
Google Releases Security Updates for Chrome
Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...
SamSam Ransomware
The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. NCCIC encourages users and administrators to review Alert AA18-337A: SamSam...
Protecting Against Identity Theft
As the holidays draw near, many consumers turn to the internet to shop for goods and services. Although online shopping can offer convenience and save time, shoppers should be cautious online and protect personal information against identity theft. Identity thieves steal personal information, suc...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This...
3ve – Fraudulent Online Advertising
The Department of Homeland Security and the Federal Bureau of Investigation have released a joint Technical Alert TA on a major online ad fraud operation—referred to by the U.S. Government as "3ve." NCCIC encourages users and administrators to review Alert TA18-331A: 3ve – Major Online Ad Fraud...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-14629,...
VMware Releases Security Updates
VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0030 and apply the necessary update...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0029 and apply the...
Adobe Releases Security Updates
Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-44 and apply the necessary updates. This...
Securing Mobile Devices During Holiday Travel
As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. The Cybersecurity and...
Google Releases Security Updates for Chrome
Google has released Chrome version 70.0.3538.110 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary updates...
Holiday Scams and Malware Campaigns
As the holidays approach, the Cybersecurity and Infrastructure Security Agency CISA reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and...
Cybersecurity and Infrastructure Security Agency
On November 16, 2018, the President signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. This Act elevates the mission of the former Department of Homeland Security DHS National Protection and Programs Directorate NPPD and establishes the Cybersecurity and...
Microsoft Releases November 2018 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletins...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the...
NCCIC Releases Analysis Report on JexBoss
NCCIC has released Analysis Report AR AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information on JexBoss' capabilities, as well as suggestions for detection and mitigation. NCCIC encourages users...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessa...
Self-Encrypting Solid-State Drive Vulnerabilities
NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Vulnerability Note VU 395981,...
Apache Releases Security Advisory for Apache Struts
The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators ...
November is National Critical Infrastructure Security and Resilience Month
November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure CI is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our...
Mozilla Releases Security Update for Thunderbird ESR
Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply...
Apache Releases Security Update for Apache Tomcat JK Connectors
The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review the...
National Cybersecurity Awareness Month: Staying Secure
National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not. NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge. Thi...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Apple security pages for the following products and app...
DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners
DHS Office of Cybersecurity and Communications Assistant Secretary Jeanette Manfra is hosting a webinar on communicating cybersecurity risk issues to federal department and agency executives and mission owners on Tuesday, October 30, 2018, from 12-1 p.m. ET. NCCIC encourages users and...
FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses
The Federal Trade Commission FTC has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information. NCCIC encourag...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security...
Mozilla Releases Security Updates for Firefox
Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefo...
National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial...
FTC Promotes International Charity Fraud Awareness Week
The Federal Trade Commission FTC has released an announcement promoting the first International Charity Fraud Awareness Week ICFAW. FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort to raise awareness about donating wisely to...
Microsoft Releases Security Update for Yammer
Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the...
libssh Releases Security Updates
libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the libssh Security Release for additional...
NCSC Releases 2018 Annual Review
The United Kingdom's UK National Cyber Security Centre NCSC has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats. NCCIC encourages users and...
Drupal Releases Security Updates
Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessa...
Cisco Releases Security Updates
Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and...
Google Releases Security Update for Chrome
Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. Th...
VMware Releases Security Updates
VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary...
Oracle Releases October 2018 Security Bulletin
Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle October 2018...
FBI Releases Article on Defending Against Payroll Phishing Scams
The Federal Bureau of Investigation FBI has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers...