Current Activity

Cisco Releases Security Updates for Multiple Products

3 days 21 hours ago
Original release date: August 6, 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

NSA Releases Guidance on Limiting Location Data Exposure

3 days 21 hours ago
Original release date: August 6, 2020

The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.  

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

FBI Reports Increase in Online Shopping Scams

4 days 21 hours ago
Original release date: August 5, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (I3C) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to review the IC3 Alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Chinese Malicious Cyber Activity

6 days 23 hours ago
Original release date: August 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.

CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1, U.S. Cyber Command’s VirusTotal page, and CISA’s Chinese Malicious Cyber Activity page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

1 week 3 days ago
Original release date: July 30, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

GNU GRUB2 Vulnerability

1 week 3 days ago
Original release date: July 30, 2020 | Last revised: July 31, 2020

Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available. CISA encourages administrators to test rigorously before applying patches as changes to the bootloader carry high operational risk.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Magento

1 week 4 days ago
Original release date: July 29, 2020 | Last revised: July 30, 2020

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Mozilla Releases Security Updates for Multiple Products

1 week 4 days ago
Original release date: July 29, 2020 | Last revised: July 30, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

1 week 5 days ago
Original release date: July 28, 2020

Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for ASA and FTD Software

2 weeks 3 days ago
Original release date: July 23, 2020

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Citrix Releases Security Updates for Workspace App for Windows

2 weeks 3 days ago
Original release date: July 23, 2020

Citrix has released security updates to address a vulnerability in Workspace app for Windows.  A remote attacker could exploit this vulnerability to take control of an affected system if Windows Server Message Block (SMB) is enabled.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review Citrix Security Bulletin CTX277662 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates

2 weeks 4 days ago
Original release date: July 22, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases Security Update for Edge

3 weeks 2 days ago
Original release date: July 17, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit this vulnerability to drop Dynamic Link Library (DLL) files and gain elevated privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1341 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Mozilla Releases Security Update for Thunderbird

3 weeks 2 days ago
Original release date: July 17, 2020

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 78 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

CISA Releases Emergency Directive on Critical Microsoft Vulnerability

3 weeks 3 days ago
Original release date: July 16, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive 20-03 addressing a critical vulnerability—CVE-2020-1350—affecting all versions of Windows Server with the Domain Name System (DNS) role enabled. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability is considered “wormable” because malware exploiting it on a system could, without user interaction, propagate to other vulnerable systems.

Although Emergency Directive 20-03 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Apple Releases Security Updates

3 weeks 3 days ago
Original release date: July 16, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Malicious Activity Targeting COVID-19 Research, Vaccine Development

3 weeks 4 days ago
Original release date: July 16, 2020

In response to malicious activity targeting COVID-19 research and vaccine development in the United States, United Kingdom (UK), and Canada, the Cybersecurity and Infrastructure Security Agency (CISA), UK’s National Cyber Security Centre (NCSC), Canada’s Communications Security Establishment (CSE), and the National Security Agency (NSA) released a Joint Cybersecurity Advisory to expose the threat. A malicious cyber actor is using a variety of tools and techniques to target organizations involved in COVID-19 research and vaccine development. Tools include SOREFANG, WELLMESS, and WELLMAIL malware.
 
CISA encourages users and administrators to review the Joint Cybersecurity Advisory and the following Malware Analysis Reports for more information and to apply the mitigations provided.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

3 weeks 4 days ago
Original release date: July 15, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Oracle Releases July 2020 Security Bulletin

3 weeks 5 days ago
Original release date: July 14, 2020

Oracle has released its Critical Patch Update for July 2020 to address 433 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle July 2020 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

3 weeks 5 days ago
Original release date: July 14, 2020

Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
1 hour 22 minutes ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed