Current Activity

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities

3 days 3 hours ago
Original release date: October 16, 2020

Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

NCSC Releases Alert on Microsoft SharePoint Vulnerability

3 days 4 hours ago
Original release date: October 16, 2020

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020 Security Advisory for CVE-2020-16952 can prevent exploitation of this vulnerability.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Alert and the Microsoft Security Advisory for CVE-2020-16952 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Magento

3 days 5 hours ago
Original release date: October 16, 2020

Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-59 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Juniper Networks Releases Security Updates for Multiple Products

4 days 6 hours ago
Original release date: October 15, 2020

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

5 days 5 hours ago
Original release date: October 14, 2020

Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for more information, and apply the necessary updates or workaround.
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Flash Player

5 days 8 hours ago
Original release date: October 14, 2020 | Last revised: October 15, 2020

Adobe has released security updates to address a vulnerability affecting Flash Player. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-58 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apache Releases Security Updates for Apache Tomcat

5 days 8 hours ago
Original release date: October 14, 2020 | Last revised: October 15, 2020

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache Security Advisory for CVE-2020-13943 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases October 2020 Security Updates

6 days 2 hours ago
Original release date: October 13, 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s October 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

SAP Releases October 2020 Security Updates

6 days 4 hours ago
Original release date: October 13, 2020

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the SAP Security Notes for October 2020 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

1 week 2 days ago
Original release date: October 9, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors chaining vulnerabilities—a commonly used tactic exploiting multiple vulnerabilities in the course of a single intrusion—in an attempt to compromise federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations. CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised.

The joint cybersecurity advisory contains information on exploited vulnerabilities and recommended mitigation actions for affected organizations to pursue.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

QNAP Releases Security Updates for QNAP Helpdesk

1 week 4 days ago
Original release date: October 8, 2020

QNAP Systems has released security updates to address vulnerabilities in QNAP Helpdesk. An attacker could exploit these vulnerabilities to take control of an affected QNAP network-attached storage (NAS) device.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review QNAP Security Advisory QSA-20-08 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates

1 week 4 days ago
Original release date: October 8, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

1 week 5 days ago
Original release date: October 7, 2020

Google has released Chrome version 86.0.4240.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary changes.
 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Releases FY2019 Risk Vulnerability Assessment Infographic

1 week 5 days ago
Original release date: October 7, 2020

The Cybersecurity and Information Security Agency (CISA) has released an infographic mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. The infographic identifies routinely successful attack paths CISA observed during RVAs conducted across multiple sectors. Cyber attackers can use these attack paths to compromise organizations.

CISA encourages network administrators and IT professionals to review the infographic and apply the recommended defensive strategies to protect against the observed tactics and techniques. Review CISA’s Cyber Essentials for more information on where to start implementing organizational cybersecurity practices. For information on CISA RVAs and requesting additional services, visit CISA’s National Cybersecurity Assessment and Technical Services page.  

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Department of Treasury Releases Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments

2 weeks 3 days ago
Original release date: October 2, 2020

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has released an [Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments]. Financial institutions, cyber insurance firms, and companies that facilitate payments on behalf of victims may be violating OFAC regulations.

CISA encourages organizations to review the OFAC Advisory for more information. See CISA’s Ransomware page for how to report and protect against ransomware attacks.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA and CNMF Identify a New Malware Variant

2 weeks 4 days ago
Original release date: October 1, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant—referred to as SLOTHFULMEDIA—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.

CISA encourages users and administrators to review Malware Analysis Report MAR-10303705-1.v1 and U.S. Cyber Command’s VirusTotal page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

October is National Cybersecurity Awareness Month

2 weeks 4 days ago
Original release date: October 1, 2020

October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American has the resources they need to stay safe and secure online. This year’s theme, “Do your Part. #BeCyberSmart.,” encourages individuals and organizations to take proactive steps to enhance cybersecurity and protect their part of cyberspace.

CISA encourages individuals and organizations to review the NCSAM 2020 page for ways to participate in and promote NCSAM.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA and MS-ISAC Release Ransomware Guide

2 weeks 5 days ago
Original release date: September 30, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware Guide and CISA’s Ransomware webpage for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Releases Telework Essentials Toolkit

2 weeks 5 days ago
Original release date: September 30, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role:

  • Actions for executive leaders that drive cybersecurity strategy, investment and culture
  • Actions for IT professionals that develop security awareness and vigilance
  • Actions for teleworkers to develop their home network security awareness and vigilance

CISA encourages users and administrators to review the Telework Essentials Toolkit and the CISA Telework page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

3 weeks 3 days ago
Original release date: September 25, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
42 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed