NCSC-NZ Releases Annual Cyber Threat Report
Original release date: November 14, 2019The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase...
VMware Releases Security Updates
Original release date: November 12, 2019VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA)...
Adobe Releases Security Updates
Original release date: November 12, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Intel Releases Security Updates
Original release date: November 12, 2019Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:
BMC Advisory...
Microsoft Releases November 2019 Security Updates
Original release date: November 12, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Vulnerability Summary for the Week of November 4, 2019
Original release date: November 11, 2019 | Last revised: November 12, 2019The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS...
Holiday Shopping, Phishing, and Malware Scams
Original release date: November 8, 2019As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may...
Cisco Releases Security Updates
Original release date: November 7, 2019Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see...
CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments
Original release date: November 6, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal,...
U.S. Cyber Command Shares Seven New Malware Samples
Original release date: November 6, 2019U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page...
CSET Version 9.2 Now Available
Original release date: November 4, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process...
Vulnerability Summary for the Week of October 28, 2019
Original release date: November 4, 2019The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...
National Critical Infrastructure Security and Resilience Month
Original release date: November 1, 2019November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping...
Google Releases Security Updates for Chrome
Original release date: October 31, 2019Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected...
North Korean Malicious Cyber Activity
Original release date: October 31, 2019The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The...
MAR-10135536-8 – North Korean Trojan: HOPLIGHT
Original release date: October 31, 2019
Notification
This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...
MS-ISAC Releases EOS Software Report List
Original release date: October 30, 2019The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and...
MS-ISAC Releases Advisory on PHP Vulnerabilities
Original release date: October 30, 2019The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity...
Apple Releases Security Updates
Original release date: October 30, 2019Content: Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors
Original release date: October 29, 2019Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT)...
LINE Launches Public Bug Bounty Program on HackerOne
Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne.
Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
Try as they might, ransomware crooks can’t hide their tells when playing hands
Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
Google Chrome experiment crashes browser tabs, impacts companies worldwide
In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
Threat actor impersonates German, Italian and American gov’t agencies to spread malware
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.
Business and...
GitHub launches ‘Security Lab’ to help secure open source ecosystem
Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.
