Tuesday, May 26, 2020

Vulnerability Summary for the Week of May 18, 2020

Original release date: May 25, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...

Microsoft Releases Security Update for Edge

Original release date: May 22, 2020 Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges. The Cybersecurity and Infrastructure Security...

Cisco Releases Security Updates

Original release date: May 22, 2020 Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and...

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

Original release date: May 22, 2020 The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks....

CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems

Original release date: May 22, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Energy (DOE) have jointly released Recommended Cybersecurity Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS)....

Drupal Releases Security Updates

Original release date: May 21, 2020 Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security...

Apple Releases Security Update for Xcode

Original release date: May 21, 2020 Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

Original release date: May 21, 2020 The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams...

ISC Releases Security Advisory for BIND

Original release date: May 20, 2020 The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The...

Adobe Releases Security Updates

Original release date: May 20, 2020 Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the...

Google Releases Security Updates for Chrome

Original release date: May 20, 2020 Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

VMware Releases Security Update for Cloud Director

Original release date: May 20, 2020 VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and...

Microsoft Releases Security Advisory for Windows DNS Servers

Original release date: May 20, 2020 Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

Vulnerability Summary for the Week of May 11, 2020

Original release date: May 18, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...

CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations

Original release date: May 13, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and...

Microsoft Releases May 2020 Security Updates

Original release date: May 12, 2020 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Adobe Releases Security Updates

Original release date: May 12, 2020 Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...

MIFR-10121050-1.v2

Original release date: May 12, 2020 Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

MIFR-10079683-1.v2

Original release date: May 12, 2020 Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

MIFR-10079682-1.v2

Original release date: May 12, 2020 Notification: This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

Burn-In: The Book For Our Times

Peter Singer and August Cole have delivered a summer blockbuster just in time.
The Register

eBay users spot the online auction house port-scanning their PCs. Um… is that OK?

Fraud is a big issue for etailer, but there are privacy and consent concerns too. Users visiting eBay have spotted that the website runs port scans against their computer, using the localhost address to inspect what may be running...
SecurityWeek

FTC Settles With Canadian Smart Lock Maker Over Security Practices

The Federal Trade Commission (FTC) has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”
The Security Ledger

Spotlight Podcast: Securing the Enterprise’s New Normal

In this spotlight edition of the podcast, sponsored by Trusted Computing Group, Steve Hanna joins us to talk about COVID-19 and the security risks that go along with the "new normal" that has emerged out of the pandemic....

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5.