Tag: CISA All NCAS Products

Original release date: February 5, 2020 Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency…

Read more →

Original release date: February 4, 2020 The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals…

Read more →

Original release date: February 3, 2020 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the…

Read more →

Original release date: January 31, 2020 Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitigations were released on the same day Citrix announced CVE-2019-19781,…

Read more →

Original release date: January 31, 2020 Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Open Source editions. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure…

Read more →

Original release date: January 30, 2020 Cisco has released security updates to address vulnerabilities affecting Cisco Small Business Switches. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…

Read more →

Original release date: January 29, 2020 Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to…

Read more →

Original release date: January 28, 2020 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…

Read more →

Original release date: January 28, 2020 January 28 is Data Privacy Day, an annual effort to empower individuals and organizations to respect privacy, safeguard data, and enable trust. This year, the National Cyber Security Alliance (NCSA) is bringing together experts…

Read more →

Vulnerability Summary for the Week of January 20, 2020   Advertise on IT Security News. Read the complete article: Vulnerability Summary for the Week of January 20, 2020

Read more →

Original release date: January 24, 2020 The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and…

Read more →

Original release date: January 23, 2020 Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of…

Read more →

Original release date: January 23, 2020 Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the…

Read more →

Original release date: January 22, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware.…

Read more →

Original release date: January 22, 2020 The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and…

Read more →

Original release date: January 21, 2020 Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s…

Read more →

Original release date: January 21, 2020 The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure…

Read more →

Original release date: January 20, 2020 On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable versions of…

Read more →

Original release date: January 17, 2020 Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The…

Read more →

Original release date: January 17, 2020 Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is…

Read more →

Original release date: January 17, 2020 Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)…

Read more →

Original release date: January 14, 2020 Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an…

Read more →

Original release date: January 14, 2020 VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…

Read more →

Original release date: January 14, 2020 Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security…

Read more →

Original release date: January 14, 2020 Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency…

Read more →

Original release date: January 14, 2020 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)…

Read more →

Original release date: January 14, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could…

Read more →

Original release date: January 14, 2020 New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization…

Read more →

Original release date: January 13, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781…

Read more →

Original release date: January 10, 2020 Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510,…

Read more →

Original release date: January 9, 2020 Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   The Cybersecurity and…

Read more →

Original release date: January 9, 2020 Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.…

Read more →

Original release date: January 8, 2020 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system.…

Read more →

Original release date: January 8, 2020 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in…

Read more →

Original release date: January 8, 2020 Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and…

Read more →

Original release date: January 8, 2020 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency…

Read more →

Original release date: January 7, 2020 Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity…

Read more →

Original release date: January 6, 2020 Stakeholders,   Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension with Iran. You can read the new CISA Insights…

Read more →

Original release date: January 4, 2020 Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible…

Read more →