Tuesday, March 19, 2019

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA)...

Microsoft Ending Support for Windows 7

Original release date: March 19, 2019All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no...

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed...

SB19-077: Vulnerability Summary for the Week of March 11, 2019

Original release date: March 18, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

New Zealand-Related Scams and Malware Campaigns

Original release date: March 15, 2019In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event....

Intel Releases Security Advisories on Multiple Products

Original release date: March 15, 2019Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA)...

VMware Releases Security Updates for Workstation and Horizon

Original release date: March 15, 2019VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system.  The...

Microsoft Releases Security Update for Azure Linux Guest Agent

Original release date: March 14, 2019Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...

MS-ISAC Releases Security Primer on TrickBot Malware

Original release date: March 14, 2019The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other...

WordPress Releases Security Update

Original release date: March 14, 2019WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to...

Cisco Releases Security Updates

Original release date: March 13, 2019Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

Google Releases Security Updates for Chrome

Original release date: March 13, 2019Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...

Microsoft Releases March 2019 Security Updates

Original release date: March 12, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Adobe Releases Security Updates

Original release date: March 12, 2019Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency...

SB19-070: Vulnerability Summary for the Week of March 4, 2019

Original release date: March 11, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

Google Releases Security Updates for Chrome

Original release date: March 07, 2019Google has released Chrome version 72.0.3626.122 for most Chrome OS devices. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in...

ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)

Original release date: March 07, 2019The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25,...

Cisco Releases Security Updates

Original release date: March 06, 2019Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA)...

IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams

Original release date: March 04, 2019The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each...

SB19-063: Vulnerability Summary for the Week of February 25, 2019

Original release date: March 04, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.