Friday, November 15, 2019

NCSC-NZ Releases Annual Cyber Threat Report

Original release date: November 14, 2019The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase...

VMware Releases Security Updates

Original release date: November 12, 2019VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...

Adobe Releases Security Updates

Original release date: November 12, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Intel Releases Security Updates

Original release date: November 12, 2019Intel has released security updates to address vulnerabilities in multiple products. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: BMC Advisory...

Microsoft Releases November 2019 Security Updates

Original release date: November 12, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Vulnerability Summary for the Week of November 4, 2019

Original release date: November 11, 2019 | Last revised: November 12, 2019The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS...

Holiday Shopping, Phishing, and Malware Scams

Original release date: November 8, 2019As this holiday season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online. Cyber actors may...

Cisco Releases Security Updates

Original release date: November 7, 2019Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see...

CISA Launches “Cyber Essentials” for Small Businesses and Small SLTT Governments

Original release date: November 6, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has launched Cyber Essentials, an effort to assist small organizations in understanding and addressing cybersecurity risks. Developed in partnership with small businesses and small state, local, tribal,...

U.S. Cyber Command Shares Seven New Malware Samples

Original release date: November 6, 2019U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page...

CSET Version 9.2 Now Available

Original release date: November 4, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released version 9.2 of its Cyber Security Evaluation Tool (CSET). CSET is a desktop software tool that guides asset owners and operators through a consistent process...

Vulnerability Summary for the Week of October 28, 2019

Original release date: November 4, 2019The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...

National Critical Infrastructure Security and Resilience Month

Original release date: November 1, 2019November is National Critical Infrastructure Security and Resilience Month. The Nation’s critical infrastructure (CI) relies on a highly interdependent environment, in which physical and cyber systems converge. CI plays a vital role in keeping...

Google Releases Security Updates for Chrome

Original release date: October 31, 2019Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected...

North Korean Malicious Cyber Activity

Original release date: October 31, 2019The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The...

MAR-10135536-8 – North Korean Trojan: HOPLIGHT

Original release date: October 31, 2019 Notification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse...

MS-ISAC Releases EOS Software Report List

Original release date: October 30, 2019The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an end-of-support (EOS) software report list. Software that has reached its EOS date no longer receives security updates and patches from the vendor and...

MS-ISAC Releases Advisory on PHP Vulnerabilities

Original release date: October 30, 2019The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...

Apple Releases Security Updates

Original release date: October 30, 2019Content: Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Microsoft Reports Global Cyberattacks on Sporting and Anti-Doping Organizations from Russian Espionage Actors

Original release date: October 29, 2019Microsoft publicly released information revealing an uptick in cyberattacks globally targeting anti-doping authorities and sporting organizations. The Microsoft Threat Intelligence Center (MSTIC) routinely tracks malicious activity originating from the Russian advanced persistent threat (APT)...
SecurityWeek

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
The Register

Try as they might, ransomware crooks can’t hide their tells when playing hands

Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
ZDNet

Google Chrome experiment crashes browser tabs, impacts companies worldwide

In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
SC Magazine

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and...
ZDNet

GitHub launches ‘Security Lab’ to help secure open source ecosystem

Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.