ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators ...

Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Intel's Security...

Google Releases Security Update for Chrome

Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Release page and apply the necessary update. Thi...

Microsoft Releases June 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's June 2018 Security Update Summary and Deployment...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in VMware AirWatch Agent. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0015 and apply the...

Google Releases Security Update for Chrome

Google has released Chrome version 67.0.3396.79 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. Th...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-19 and apply the necessary updates. This...

Mozilla Releases Security Update

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Firefox 60.0.2 and Firefo...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the...

Apple Releases Security Updates

Apple has released a security update for macOS High Sierra and supplemental updates for Sierra and El Capitan to address multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the...

Google Releases Security Update for Chrome

Google has released Chrome version 67.0.3396.62 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI released a joint Technical Alert TA that identifies two families of malware—referred to as Joanap and Brambul—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the Nort...

Securing Mobile Devices During Summer Travel

As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. NCCIC encourages users to review the...

IRS Warns Tax Professionals of Phishing Scam

The Internal Revenue Service IRS has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners...

FBI Releases Article on Building a Digital Defense with Credit Reports

FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk. NCCIC...

VPNFilter Destructive Malware

NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage NAS devices. Devices compromised by VPNFilter may be vulnerable to...

Tragedy-Related Scams

In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply th...

ISC Releases Security Advisories for BIND

The Internet Systems Consortium ISC has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC encourages users and administrators to review ISC...

Red Hat Addresses DHCP Client Vulnerability

Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol DHCP client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessa...

FBI Releases Article on Digital Defense Against ID Theft

FBI has released an article on building a digital defense against identify theft. FBI explains that the growing number of data breaches put more people at risk of becoming a victim of identity theft. However, implementing basic security practices can help users minimize their risk. NCCIC encourag...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in NSX SD-WAN Edge by VeloCloud. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0011 and apply the...

OpenPGP, S/MIME Mail Client Vulnerabilities

The CERT Coordination Center CERT/CC has released information on email client vulnerabilities that can reveal plaintext versions of OpenPGP- and S/MIME-encrypted emails. A remote attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrator...

FTC Promotes Privacy Awareness Week

The Federal Trade Commission FTC has released an announcement promoting Privacy Awareness Week PAW May 14–18, 2018. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “From Principles to Practice,” focuses on...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader and Photoshop CC. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-09...

Google Releases Security Update for Chrome

Google has released Chrome version 66.0.3359.170 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which a remote attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 52.8 and...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Connect, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to revi...

Microsoft Releases May 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's May 2018 Security Update Summary and Deployment...

Debug Exception May Cause Unexpected Behavior

CERT Coordination Center CERT/CC has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU 631579 for more...

FBI Releases IC3 2017 Internet Crime Report

FBI has released the Internet Crime Complaint Center IC3 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing. Hot topics for 2017 include ransomware, business...

First Lady’s 'Be Best' Initiative Addresses Kids' Online Safety

First Lady Melania Trump has announced her initiative to help children be their best. As part of her initiative, the First Lady released a guide to help parents and other adults discuss online safety and responsibility with children. Children taught about internet safety, appropriate online...

FTC Releases Alert on Exposed Twitter Passwords

The Federal Trade Commission FTC has issued guidance for Twitter users on changing their passwords. Users should change their Twitter passwords as well as any other accounts that use the same password. NCCIC encourages consumers to review the FTC alert for more information. Refer to the NCCIC Tip...

Microsoft Releases Security Update

Microsoft has released a security update to address a vulnerability in the Windows Host Compute Service Shim hcsshim library. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Adviso...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessa...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...

Drupal Releases Critical Security Updates

Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates. This...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the...

Google Releases Security Update for Chrome

Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the...

Drupal Releases Security Updates

Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary...

Oracle Releases April 2018 Security Bulletin

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018...

Russian Malicious Cyber Activity

The Department of Homeland Security DHS, Federal Bureau of Investigation FBI, and the United Kingdom’s UK National Cyber Security Centre NCSC released a joint Technical Alert TA about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in vRealize Automation. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0009 and apply the necessary...

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Juniper Security Advisories...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC...

Microsoft Releases April 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft's April 2018 Security Update Summary and Deployment...

Ongoing Threat of Ransomware

NCCIC has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected...

Microsoft Releases Security Update

Microsoft has released a security update to address a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply t...