Adobe Releases Security Update for Creative Cloud

Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-32 and apply the...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates. This...

FTC Issues Alert on Bitcoin Blackmail Scams

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their "secret" unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press...

Apache Releases Security Update for Apache Struts 2

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Apache...

Ghostscript Vulnerability

NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Vulnerability Note VU332928, apply the necessary workarounds, and refer to vendors f...

Apache Releases Security Updates for Tomcat Native

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates...

FBI Releases Guidance on Defending Against Travel Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with "free" vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to clai...

Microsoft Releases August 2018 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Experience Manager, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020,...

Intel Side-Channel L1TF Vulnerability

Intel has released recommendations to address a side-channel vulnerability called L1 Terminal Fault L1TF that affects multiple Intel microprocessors. An attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review Intel's Security...

Samba Releases Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Samba Security Announcements for CVE-2018-10858,...

Oracle Releases Security Alert

Oracle has released a security alert to address a vulnerability in multiple versions of Oracle Database. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Oracle Security Alert and the Multi-State...

Back-to-School Cyber Safety

As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students with their schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simpl...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. NCCIC...

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in Horizon 6, 7, and Horizon Client for Windows. An attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0019 and apply...

FBI Releases Article on Building a Digital Defense Against Facebook Scams

The Federal Bureau of Investigation FBI has released an article on building a digital defense against a fraud that uses Facebook’s texting app—Facebook Messenger. Scammers send messages that appear to be from trusted sources or trick users into clicking on malicious links or sharing personal...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60 and apply the...

Linux Kernel Vulnerability

NCCIC is aware of a Linux kernel vulnerability affecting Linux versions 4.9 and greater. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Vulnerability Note VU 962459 and apply the necessary updates. This...

Drupal Releases Security Update

Drupal has released a security update addressing a vulnerability in Drupal 8.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. This product is...

FBI Releases Article on Securing the Internet of Things

The Federal Bureau of Investigation FBI has released an article on the risks associated with internet-connected devices, commonly referred to as the Internet of Things IoT. FBI warns that cyber threat actors can use unsecured IoT devices as proxies to anonymously pursue malicious cyber activities...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in Cisco Prime Collaboration Provisioning. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the...

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC is holding a webinar on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A today from 1–2:30 p.m. ET. The webinar will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources tha...

Malicious Cyber Activity Targeting ERP Applications

Digital Shadows Ltd. and Onapsis Inc. have released a report describing an increase in the exploitation of vulnerabilities in Enterprise Resource Planning ERP applications. ERP applications help organizations manage critical business processes—such as product lifecycle management, customer...

Google Releases Security Update for Chrome

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. Th...

Bluetooth Vulnerability

NCCIC is aware of a vulnerability affecting Bluetooth firmware and operating system software drivers. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review Vulnerability Note VU 304725 for more information and refer...

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. NCCIC...

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A, which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the...

Oracle Releases July 2018 Security Bulletin

Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle July 2018 Critic...

FTC Issues Alert on Tech Support Scams

The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any...

IC3 Warns of Business Email Compromise Scams

The Internet Crime Complaint Center IC3 has released an alert on business email compromise scams. This type of scam targets businesses and individuals by using social engineering or computer intrusion to compromise legitimate email accounts and conduct unauthorized fund transfers or obtain...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Juniper Security Advisories websit...

ISC Releases Security Advisory for Kea DHCP

The Internet Systems Consortium ISC has released a security advisory that addresses a memory leak vulnerability in Kea DHCP 1.4.0. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC Knowledge Base...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Flash Player, Adobe Connect, and Adobe Experience Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrato...

Microsoft Releases July 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s July 2018 Security Update Summary and Deployment...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the...

CIS Releases 2017 Year in Review

The Center for Internet Security CIS has released its 2017 Year in Review. CIS is home to the Multi-State Information Sharing and Analysis Center MS-ISAC, an NCCIC partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial...

Apple Releases Security Update for Boot Camp

Apple has released a security update to address vulnerabilities in Wi-Fi for Boot Camp 6.4.0. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Apple’s security page for Wi-Fi Update for Boot Camp 6.4.0 a...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.9 and appl...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0016 and apply the...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR and Firefox. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firef...

Global Threats to Information Systems

The advanced capabilities of organized hacker groups and cyber threat actors are an increasing global threat to information systems. Rising threat levels place more demands on cybersecurity personnel and network administrators to protect information systems. Protecting network infrastructure is...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the...

FTC, Partners Help Small Businesses Stop Scams

The Federal Trade Commission FTC has launched Operation Main Street, an effort with the Better Business Bureau BBB and law enforcement to educate small business owners on how to stop scams targeting their businesses. Accordingly, FTC released Scams and Your Small Business, a guide for businesses...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT...

Apple Releases Security Update for Xcode

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update. This...