4188 matches found
Lenovo Releases Security Advisory
Lenovo has released security updates to address a vulnerability affecting Enterprise Network Operating System ENOS firmware. An attacker could exploit this vulnerability to obtain sensitive information. NCCIC/US-CERT encourages users and administrators to review Lenovo's Security Advisory and the...
NCSC Releases Security Advisory
The United Kingdom's National Cyber Security Centre NCSC has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users a...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply t...
Oracle Releases January 2018 Security Bulletin
Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Oracle...
ISC Releases Security Advisories for DHCP, BIND
The Internet Systems Consortium ISC has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol DHCP and Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition...
VMware Releases Security Updates for Workstation, Fusion
VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0005 and appl...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisori...
VMware Releases Security Updates
VMware has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0004 and apply the...
Microsoft Releases January 2018 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's January 2018 Security Update Summary and Deployme...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address a vulnerability in Flash Player. A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-01 and apply the necessary updates. This...
MS-ISAC Releases Advisory on PHP Vulnerabilities
The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the...
VMware Releases Security Updates
VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon, vRealize Operations for Published Applications, Workstation, Horizon View Client, and Tools. A remote attacker could exploit these vulnerabilities to take control of an affected system...
Mozilla Releases Security Update
Mozilla has released a security update to address a vulnerability in Firefox. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory and update to Firefox 57.0.4. This produc...
Meltdown and Spectre Side-Channel Vulnerabilities
US-CERT is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Users and administrators are encouraged to review Vulnerability Note...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0001 and apply the...
Mozilla Releases Security Update for Thunderbird
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.5....
North Korean Malicious Cyber Activity
The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT...
Google Releases Security Update for Chrome
Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...
Transport Layer Security (TLS) Vulnerability
CERT Coordination Center CERT/CC has released information on a Transport Layer Security TLS vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information. The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat ROBOT. ROBOT allow...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply...
Microsoft Releases December 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's December 2017 Security Update Summary and...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Apple security pages for AirPort Base Station Firmware...
Microsoft Releases Security Updates for its Malware Protection Engine
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's Advisory and...
Mozilla Releases Security Updates
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply...
Google Releases Security Update for Chrome
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...
Securing Mobile Devices During Holiday Travel
As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them. US-CERT encourages users to...
Mozilla Releases Security Update for Firefox
Mozilla has released a security update to address multiple vulnerabilities in Firefox 57. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.1 and apply t...
Apache Software Foundation Releases Security Updates
The Apache Software Foundation has released security updates to address vulnerabilities in Apache Struts versions 2.5 to 2.5.14. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apache Securit...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format ARF and WebEx Recording Format WRF files. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and...
Apple Releases Security Update for macOS High Sierra
Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. An attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU113765 and the Apple...
NCSC Releases Security Advisory
The United Kingdom's National Cyber Security Centre NCSC has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. US-CERT...
National Tax Security Awareness Week: IRS Helps Taxpayers Protect Against Cyber Criminals
As part of National Tax Security Awareness Week—November 27 to December 1—the Internal Revenue Service IRS is releasing daily security tips to help taxpayers protect their data and identities against tax-related identity theft. US-CERT encourages taxpayers to visit the IRS National Tax Security...
Intel Firmware Vulnerability
Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourag...
Symantec Releases Security Update
Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary...
Windows ASLR Vulnerability
The CERT Coordination Center CERT/CC has released information on a vulnerability in Windows Address Space Layout Randomization ASLR that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages use...
Holiday Scams and Malware Campaigns
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on...
Oracle Releases Security Alert
Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisor...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affecte...
Microsoft Releases November 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR...
Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange DDE fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Microsoft...
Joomla! Releases Security Update
Joomla! has released version 3.8.2 of its Content Management System CMS software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Joomla! Security Release an...
Google Releases Security Update for Chrome
Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...
Cisco Releases Security Update for IOS XE Software
Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Protecting Critical Infrastructure from Cyber Threats
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial...
Apple Releases Multiple Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply...