US-CERT Feed

Microsoft Releases November 2018 Security Updates

US-Cert Current Activity - Tue, 11/13/2018 - 6:24pm
Original release date: November 13, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Tue, 11/13/2018 - 12:40pm
Original release date: November 13, 2018

Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-39, APSB18-40, and APSB18-43 and apply the necessary updates.

 


VMware Releases Security Updates

US-Cert Current Activity - Fri, 11/09/2018 - 1:59pm
Original release date: November 09, 2018

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates.


NCCIC Releases Analysis Report on JexBoss

US-Cert Current Activity - Thu, 11/08/2018 - 3:43pm
Original release date: November 08, 2018

NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information on JexBoss' capabilities, as well as suggestions for detection and mitigation.

NCCIC encourages users and administrators to review AR18-312A for more information.


Cisco Releases Security Updates

US-Cert Current Activity - Wed, 11/07/2018 - 12:42pm
Original release date: November 07, 2018

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


Self-Encrypting Solid-State Drive Vulnerabilities

US-Cert Current Activity - Tue, 11/06/2018 - 7:17pm
Original release date: November 06, 2018

NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review Microsoft's Security Advisory ADV180028 and Samsung's Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.


Apache Releases Security Advisory for Apache Struts

US-Cert Current Activity - Mon, 11/05/2018 - 2:34pm
Original release date: November 05, 2018

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.

NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3.


Cisco Releases Security Advisory

US-Cert Current Activity - Thu, 11/01/2018 - 7:43pm
Original release date: November 01, 2018

Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review the Cisco Security Advisory and the CERT Coordination Center's Vulnerability Note VU#339704 and apply the necessary mitigations until patches are made available.


November is National Critical Infrastructure Security and Resilience Month

US-Cert Current Activity - Thu, 11/01/2018 - 7:03am
Original release date: November 01, 2018

November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.

Everyone is involved in the mission to protect CI. Users and administrators can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review. Keeping your systems secured can help NCCIC identify cyber threats and inform the CI community.

NCCIC encourages CI owners and operators to review the DHS CI resource page for information on available resources and training. NCCIC also encourages CI owners and operators to visit the Critical Infrastructure Cyber Community Voluntary Program (C3VP) page for information on the C3VP program. 


Mozilla Releases Security Update for Thunderbird ESR

US-Cert Current Activity - Wed, 10/31/2018 - 9:07pm
Original release date: October 31, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.


Apache Releases Security Update for Apache Tomcat JK Connectors

US-Cert Current Activity - Wed, 10/31/2018 - 5:56pm
Original release date: October 31, 2018

The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11759 and apply the necessary update or mitigation.


Apple Releases Multiple Security Updates

US-Cert Current Activity - Tue, 10/30/2018 - 2:57pm
Original release date: October 30, 2018

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


National Cybersecurity Awareness Month: Staying Secure

US-Cert Current Activity - Tue, 10/30/2018 - 6:22am
Original release date: October 30, 2018

National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not.

NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge.


FTC Releases Cyber Resources for Small Businesses

US-Cert Current Activity - Thu, 10/25/2018 - 9:15pm
Original release date: October 25, 2018

The Federal Trade Commission (FTC) has released new cyber resources for small businesses, including non-profit and charity organizations. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help smaller organizations protect their network and information.

NCCIC encourages small businesses and consumers to review FTC's Cybersecurity Resources for Non-Profits article, FTC's Cybersecurity for Small Business web page, and NCCIC's Resources for Small and Midsize Businesses web page for more information.


DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners

US-Cert Current Activity - Thu, 10/25/2018 - 12:43am
Original release date: October 25, 2018

DHS Office of Cybersecurity and Communications Assistant Secretary Jeanette Manfra is hosting a webinar on communicating cybersecurity risk issues to federal department and agency executives and mission owners on Tuesday, October 30, 2018, from 12-1 p.m. ET.
 
NCCIC encourages users and administrators to attend the one-hour webinar. For more information, and to register, visit the Communicating Cyber Risk to Agency Decision Makers and Mission Owners webinar page.


Cisco Releases Security Updates

US-Cert Current Activity - Wed, 10/24/2018 - 12:46pm
Original release date: October 24, 2018

Cisco has released security updates to address a vulnerability in Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.


Mozilla Releases Security Updates for Firefox

US-Cert Current Activity - Tue, 10/23/2018 - 1:00pm
Original release date: October 23, 2018

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox 63 and Firefox ESR 60.3 and apply the necessary updates.


National Cybersecurity Awareness Month: Critical Infrastructure Cybersecurity

US-Cert Current Activity - Tue, 10/23/2018 - 6:38am
Original release date: October 23, 2018

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

NCCIC encourages users and administrators to review the following:


FTC Promotes International Charity Fraud Awareness Week

US-Cert Current Activity - Mon, 10/22/2018 - 7:45pm
Original release date: October 22, 2018

The Federal Trade Commission (FTC) has released an announcement promoting the first International Charity Fraud Awareness Week (ICFAW). FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort to raise awareness about donating wisely to charities. ICFAW will feature resources and tips on various topics—including giving after natural disasters, telemarketing solicitations, privacy, and online giving—hosted on FTC’s Twitter and Facebook accounts.

NCCIC encourages consumers to review FTC’s announcement and the following resources for more information:


NCSC Releases 2018 Annual Review

US-Cert Current Activity - Fri, 10/19/2018 - 8:13pm
Original release date: October 19, 2018

The United Kingdom's (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats.

NCCIC encourages users and administrators to review NCSC’s 2018 Annual Review for more information.
