Saturday, January 19, 2019

Drupal Releases Security Updates

Original release date: January 16, 2019Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC),...

Oracle Releases January 2019 Security Bulletin

Original release date: January 15, 2019Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The National...

SB19-014: Vulnerability Summary for the Week of January 7, 2019

Original release date: January 14, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

DNS Infrastructure Hijacking Campaign

Original release date: January 10, 2019The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker...

Juniper Networks Releases Multiple Security Updates

Original release date: January 09, 2019Juniper Networks has released multiple security updates to address vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and...

Cisco Releases Security Updates

Original release date: January 09, 2019Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.  The National Cybersecurity and Communications Integration...

Microsoft Releases January 2019 Security Updates

Original release date: January 08, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC),...

Adobe Releases Security Updates

Original release date: January 08, 2019Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. An attacker could exploit one of these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications...

SB19-007: Vulnerability Summary for the Week of December 31, 2018

Original release date: January 07, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

Original release date: January 04, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system.The National Cybersecurity...

Adobe Releases Security Updates

Original release date: January 03, 2019Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC), part...

SB18-365: Vulnerability Summary for the Week of December 24, 2018

Original release date: December 31, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

Securing New Devices

Original release date: December 28, 2018During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but...

SB18-358: Vulnerability Summary for the Week of December 17, 2018

Original release date: December 24, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

Chinese Malicious Cyber Activity

Original release date: December 20, 2018The Department of Homeland Security (DHS) Cybersecurity and Infrastructure and Security Agency (CISA) released information on Chinese government malicious cyber activity targeting global information technology (IT) service providers—such as managed service providers and cloud...

Cisco Releases Security Updates

Original release date: December 19, 2018Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. A remote attacker could exploit this vulnerability to take control of an affected system.The National Cybersecurity and Communications Integration Center (NCCIC),...

Microsoft Releases Security Updates

Original release date: December 19, 2018Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system.The National Cybersecurity and Communications Integration...

AR18-352A: Quasar Open-Source Remote Administration Tool

Original release date: December 18, 2018Summary Quasar, a legitimate open-source remote administration tool (RAT), has been observed being used maliciously by Advanced Persistent Threat (APT) actors to facilitate network exploitation.This Analysis Report provides information on Quasar’s...

SB18-351: Vulnerability Summary for the Week of December 10, 2018

Original release date: December 17, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

Bomb Threats Emailed Around the World

Original release date: December 13, 2018The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency (CISA), is aware of a worldwide email campaign targeting businesses and organizations with bomb threats. The emails claim that...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more