Saturday, July 20, 2019

Canadian Centre for Cyber Security Releases Advisory on Fileless Malware

Original release date: July 18, 2019The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless...

WaterISAC Releases Cybersecurity Fundamentals

Original release date: July 17, 2019The Water Information Sharing and Analysis Center (WaterISAC) recently released an updated cybersecurity fundamentals guide for water and wastewater utilities. The guide includes cybersecurity best practices, grouped into 15 categories, to help sector utilities...

Drupal Releases Security Update

Original release date: July 17, 2019Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...

NCSC Releases 2019 Active Cyber Defence Report

Original release date: July 16, 2019The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce...

Microsoft Releases Security Updates for PowerShell Core

Original release date: July 16, 2019Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA)...

Oracle Releases July 2019 Security Bulletin

Original release date: July 16, 2019Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity...

DHS Webinar: Cybersecurity Threats to the Healthcare Sector

Original release date: July 16, 2019The Department of Homeland Security (DHS) and the American Hospital Association (AHA) are conducting a webinar focused on current cybersecurity threats to the healthcare sector. The webinar will be held on Wednesday, July 17,...

IRS Releases Six Cybersecurity Safeguards

Original release date: July 16, 2019The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS...

Google Releases Security Updates for Chrome

Original release date: July 15, 2019Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Vulnerability Summary for the Week of July 8, 2019

Original release date: July 15, 2019  The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NIST NVD...

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

Original release date: July 12, 2019The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign,...

Atlassian Releases Security Updates for Jira

Original release date: July 11, 2019Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security...

Juniper Networks Releases Multiple Security Updates

Original release date: July 10, 2019Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency...

Microsoft Releases July 2019 Security Updates

Original release date: July 9, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Intel Releases Security Updates

Original release date: July 9, 2019<br/><p>Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on...

Adobe Releases Security Updates

Original release date: July 9, 2019Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security...

Privacy and Mobile Device Apps

Original release date: July 9, 2019What are the risks associated with mobile device apps? Applications (apps) on your smartphone or other mobile devices can be convenient tools to access the news, get directions, pick up a ride share, or play...

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

Original release date: July 8, 2019The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community...

Vulnerability Summary for the Week of July 1, 2019

Original release date: July 8, 2019The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet...

ACSC Releases Updated Essential Eight Maturity Model

Original release date: July 5, 2019The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.