4188 matches found
WordPress Releases Security Update
WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3. This product is provided...
Oracle Releases Security Bulletin
Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the...
Google Releases Security Update for Chrome
Google has released Chrome version 62.0.3202.75 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update...
The Internet Wants You: Consider a Career in Cybersecurity
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of...
Multiple Ransomware Infections Reported
US-CERT has received multiple reports of ransomware infections, known as Bad Rabbit, in many countries around the world. A suspected variant of Petya, Bad Rabbit is ransomware—malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Google Releases Security Updates for Chrome
Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releas...
IC3 Issues Alert on IoT Devices
In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center IC3 has issued an alert to individuals and businesses about the security risks involved with the Internet of Things IoT. IoT refers to the emerging network of devices e.g., smart TVs, home automation...
IC3 Issues Alert on DDoS Attacks
The Internet Crime Complaint Center IC3 has issued an alert on distributed denial-of-service DDoS-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences. US-CERT...
Today’s Predictions for Tomorrow’s Internet
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart cities, connected devices, digitized records, as well as smart cars and homes, have become a new reality. While there are tremendous benefits to this technology, it is critical to...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Oracle October 2017...
CERT/CC Reports WPA2 Vulnerabilities
CERT Coordination Center CERT/CC has released information on Wi-Fi Protected Access II WPA2 protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. The vulnerabilities are in the WPA2 protocol, not within individual WPA2...
Adobe Releases Security Updates
Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates...
Mozilla Releases Security Update
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for...
Cybersecurity in the Workplace is Everyone’s Business
October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility share...
Microsoft Releases October 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployme...
Apple Releases Security Update for macOS High Sierra
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Tragic-Event-Related Scams
In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from truste...
Dnsmasq Contains Multiple Vulnerabilities
Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VUL Note VU973527 for more information and update to dnsmasq...
National Cybersecurity Awareness Month: Simple Steps to Online Safety
October is National Cybersecurity Awareness Month NCSAM, an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance NCSA has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server. US-CERT encourages users and administrators to review the Apache...
Apple Releases Security Update for iOS
Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and...
October is National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month NCSAM. NCSAM is a collaborative effort between DHS and its public and private partners--including the National Cyber Security Alliance NCSA--to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be...
DNSSEC Key Signing Key Rollover Postponed
The Internet Corporation for Assigned Names and Numbers ICANN has announced that the change to the Root Zone Key Signing Key KSK scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined. DNSSEC is a set of DNS protocol extensions used to digitall...
Mozilla Releases Security Updates
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR 52.4 and Firefox 56. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisories...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Apple Releases Security Update for iOS
Apple has released iOS 11.0.1 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.1 and...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply...
Oracle Patches Apache Vulnerabilities
Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert and...
Google Releases Security Updates for Chrome
Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary...
Joomla! Releases Security Update
Joomla! has released version 3.8.0 of its Content Management System CMS software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information. US-CERT encourages users and administrators to review the Joomla! Security Release and apply t...
Samba Releases Security Updates
The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information. US-CERT encourages users and administrators to review the Samba Security Announcements for...
FTC Releases Alerts on Protecting Against Identity Theft
The Federal Trade Commission FTC has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, Transunion, and Experian...
IC3 Issues Alert on Disaster-Related Fraud
The Internet Crime Complaint Center IC3 has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims with scams on false temporary housing and job...
WordPress Releases Security Update
WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2. Th...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary...
Avast’s Piriform Releases Security Update for CCleaner
Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif malware collects information from the victim's...
Apache Releases Security Updates for Apache Tomcat
The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. US-CERT encourages users and administrators to review the Apache advisories for...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security...
Potential Phishing Scams Related to Equifax Data Breach
The Federal Trade Commission FTC has released an alert on phishing attacks related to the Equifax data breach. Phishing attacks try to trick message recipients into sharing sensitive information with cyber criminals. FTC warns consumers to be wary of calls or emails purporting to be from Equifax...
BlueBorne Bluetooth Vulnerabilities
US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things IoT devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices. US-CER...
Microsoft Releases September 2017 Security Updates
Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft's September 2017 Security Update Summary and Deployment...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security...
Cisco Releases Security Advisories
Cisco has released advisories describing Apache Struts 2 vulnerabilities potentially affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisories...
Hurricane-Related Scams
As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to...
Google Releases Security Updates for Chrome
Google has released Chrome version 61.0.3163.79 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the necessary...
Apache Software Foundation Releases Security Update
The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review the Apache Security Bulletin and Vulnerability Note...
Potential Hurricane Harvey Phishing Scams
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a...