Original release date: February 5, 2020 Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency…
Tag: CISA All NCAS Products
IRS Launches “Identity Theft Central” Webpage
Original release date: February 4, 2020 The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals…
OpenSMTPD Vulnerability
Original release date: February 3, 2020 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the…
Detecting Citrix CVE-2019-19781
Original release date: January 31, 2020 Unknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitigations were released on the same day Citrix announced CVE-2019-19781,…
Adobe Releases Security Updates for Magento
Original release date: January 31, 2020 Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Open Source editions. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure…
Cisco Releases Security Updates for Cisco Small Business Switches
Original release date: January 30, 2020 Cisco has released security updates to address vulnerabilities affecting Cisco Small Business Switches. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Tax Identity Theft Awareness Week
Original release date: January 29, 2020 Tax Identity Theft Awareness Week is February 3-7. The Federal Trade Commission (FTC) Tax Identity Theft Awareness Week webpage will provide webinars and other resources from FTC and its partners throughout the week to…
Apple Releases Multiple Security Updates
Original release date: January 28, 2020 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Data Privacy Day: A Vision for the Future
Original release date: January 28, 2020 January 28 is Data Privacy Day, an annual effort to empower individuals and organizations to respect privacy, safeguard data, and enable trust. This year, the National Cyber Security Alliance (NCSA) is bringing together experts…
Vulnerability Summary for the Week of January 20, 2020
Vulnerability Summary for the Week of January 20, 2020 Advertise on IT Security News. Read the complete article: Vulnerability Summary for the Week of January 20, 2020
NSA Releases Guidance on Mitigating Cloud Vulnerabilities
Original release date: January 24, 2020 The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures. The Cybersecurity and…
Citrix Releases Security Updates for SD-WAN WANOP
Original release date: January 23, 2020 Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of…
Cisco Releases Security Updates
Original release date: January 23, 2020 Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the…
Increased Emotet Malware Activity
Original release date: January 22, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware.…
IC3 Issues Alert on Employment Scams
Original release date: January 22, 2020 The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and…
Reminder: Safeguard Websites from Cyberattacks
Original release date: January 21, 2020 Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s…
Samba Releases Security Updates
Original release date: January 21, 2020 The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure…
Critical Vulnerability in Citrix Application Delivery Controller, Gateway, and SD-WAN WANOP
Original release date: January 20, 2020 On January 19, 2020, Citrix released firmware updates for Citrix Application Delivery Controller (ADC) and Citrix Gateway versions 11.1 and 12.0 to address CVE-2019-19781. Citrix expects to release updates for other vulnerable versions of…
Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory
Original release date: January 17, 2020 Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The…
Microsoft Releases Security Advisory on Internet Explorer Vulnerability
Original release date: January 17, 2020 Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is…
Google Releases Security Updates for Chrome
Original release date: January 17, 2020 Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)…
Oracle Releases January 2020 Security Bulletin
Original release date: January 14, 2020 Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an…
VMware Releases Security Update
Original release date: January 14, 2020 VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages…
Adobe Releases Security Updates
Original release date: January 14, 2020 Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security…
Intel Releases Security Updates
Original release date: January 14, 2020 Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency…
Microsoft Releases January 2020 Security Updates
Original release date: January 14, 2020 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)…
CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities
Original release date: January 14, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could…
Critical Vulnerabilities in Microsoft Windows Operating Systems
Original release date: January 14, 2020 New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization…
CISA Releases Test for Citrix ADC and Gateway Vulnerability
Original release date: January 13, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781…
Continued Exploitation of Pulse Secure VPN Vulnerability
Original release date: January 10, 2020 Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix a remote code execution (RCE) vulnerability, known as CVE-2019-11510,…
Juniper Networks Releases Security Updates
Original release date: January 9, 2020 Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and…
Cisco Releases Security Updates for Multiple Products
Original release date: January 9, 2020 Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.…
Citrix Application Delivery Controller and Citrix Gateway Vulnerability
Original release date: January 8, 2020 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system.…
Mozilla Patches Critical Vulnerability
Original release date: January 8, 2020 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in…
Google Releases Security Updates for Chrome
Original release date: January 8, 2020 Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and…
Mozilla Releases Security Updates for Firefox and Firefox ESR
Original release date: January 8, 2020 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency…
Cisco Releases Security Updates
Original release date: January 7, 2020 Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity…
Release of New CISA Insights on Increased Geopolitical Tensions and Threats
Original release date: January 6, 2020 Stakeholders, Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension with Iran. You can read the new CISA Insights…
DHS Releases NTAS Bulletin
Original release date: January 4, 2020 Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible…