Current Activity

Apple Releases Security Updates

8 hours 17 minutes ago
Original release date: May 27, 2020

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases Security Update for Edge

5 days 9 hours ago
Original release date: May 22, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates

5 days 9 hours ago
Original release date: May 22, 2020

Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

5 days 9 hours ago
Original release date: May 22, 2020

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review ACSC’s Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks and MITRE’s ATT&CK for Enterprise framework for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems

5 days 10 hours ago
Original release date: May 22, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS). The two-page infographic summarizes common ICS risk considerations, short- and long-term cybersecurity event impacts, best practices to defend ICS processes, and highlights NCSC's product on Secure Design Principles and Operational Technology.

CISA, DOE, and NCSC encourage users to review Cybersecurity Best Practices for Industrial Control Systems. For more in-depth information, visit CISA’s ICS Recommended Practices webpage and DOE's Cybersecurity Capability Maturity Model (C2M2) Program webpage. For information on CISA Assessments, visit https://www.cisa.gov/cyber-resource-hub.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Drupal Releases Security Updates

6 days 9 hours ago
Original release date: May 21, 2020

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisories SA-CORE-2020-002 and SA-CORE-2020-003 for more information and to apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apple Releases Security Update for Xcode

6 days 9 hours ago
Original release date: May 21, 2020

Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 11.5 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

6 days 9 hours ago
Original release date: May 21, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly attempts to steal payments, personal and financial information, and disrupt payment efforts.

CISA encourages consumers to review the Joint Alert, Avoid Scams Related to Economic Payments, COVID-19, and www.cisa.gov/coronavirus for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

ISC Releases Security Advisory for BIND

1 week ago
Original release date: May 20, 2020

The Internet Systems Consortium (ISC) has released security advisories that addresses vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2020-8616 and CVE-2020-8617 for more information and to apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates

1 week ago
Original release date: May 20, 2020

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

1 week ago
Original release date: May 20, 2020

Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Update for Cloud Director

1 week ago
Original release date: May 20, 2020

VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary updates or workaround.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases Security Advisory for Windows DNS Servers

1 week ago
Original release date: May 20, 2020

Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations

2 weeks ago
Original release date: May 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to review and apply the announcement’s recommended mitigations to prevent surreptitious review or theft of COVID-19-related material.  

For more information on Chinese malicious cyber activity, see https://www.us-cert.gov/china.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases May 2020 Security Updates

2 weeks 1 day ago
Original release date: May 12, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates

2 weeks 1 day ago
Original release date: May 12, 2020

Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-24 and APSB20-26 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

North Korean Malicious Cyber Activity

2 weeks 1 day ago
Original release date: May 12, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified three malware variants—COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH—used by the North Korean government. In addition, U.S. Cyber Command has released the three malware samples to the malware aggregation tool and repository, VirusTotal. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above, U.S. Cyber Command’s VirusTotal page, and CISA’s North Korean Malicious Cyber Activity page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager

2 weeks 2 days ago
Original release date: May 11, 2020

VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

2 weeks 6 days ago
Original release date: May 7, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome 

3 weeks ago
Original release date: May 6, 2020

Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
2 hours 46 minutes ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed