Saturday, January 16, 2021

NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

Original release date: January 15, 2021The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS...

Apache Releases Security Advisory for Tomcat

Original release date: January 15, 2021The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.    CISA encourages users and administrators...

RCE Vulnerability Affecting Microsoft Defender

Original release date: January 14, 2021Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was...

Cisco Releases Security Updates for Multiple Products

Original release date: January 14, 2021Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see...

Juniper Networks Releases Security Updates for Multiple Products

Original release date: January 14, 2021Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system. CISA encourages users and administrators to review...

Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services

Original release date: January 13, 2021Background These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools,...

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

Original release date: January 13, 2021CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in...

Microsoft Releases January 2021 Security Updates

Original release date: January 12, 2021Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s...

NSA Cybersecurity Directorate Releases 2020 Year in Review

Original release date: January 12, 2021The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions...

Mozilla Releases Security Update for Thunderbird

Original release date: January 12, 2021Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.   CISA encourages users and administrators to review the Mozilla...

Adobe Releases Security Updates for Multiple Products

Original release date: January 12, 2021Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the...

SAP Releases January 2021 Security Updates

Original release date: January 12, 2021SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the SAP...

Microsoft Releases Security Updates for Edge

Original release date: January 11, 2021Microsoft has released a security update to address multiple vulnerabilities in Edge (Chromium-based). An attacker could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to...

Vulnerability Summary for the Week of January 4, 2021

Original release date: January 11, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated...

CISA Releases New Alert on Post-Compromise Threat Activity in Microsoft Cloud Environments and Tools to Help Detect This Activity

Original release date: January 8, 2021CISA has evidence of post-compromise advanced persistent threat (APT) activity in the cloud environment. Specifically, CISA has seen an APT actor using compromised applications in a victim’s Microsoft 365 (M365)/Azure environment and using additional...

Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Original release date: January 8, 2021This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-252A: Advanced...

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewall and AP Controllers

Original release date: January 8, 2021The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel Firewall and AP Controllers. A remote attacker could exploit this vulnerability to take control of an affected...

MS-ISAC Releases Cybersecurity Advisory on Zyxel Firewalls and AP Controllers

Original release date: January 8, 2021The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released an advisory on a vulnerability in Zyxel firewalls and AP controllers. A remote attacker could exploit this vulnerability to take control of an affected system. CISA...

Mozilla Releases Security Updates for Firefox, Firefox for Android, and Firefox ESR

Original release date: January 7, 2021Mozilla has released security updates to address a vulnerability in Firefox, Firefox for Android, and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.   CISA encourages users and...

Google Releases Security Updates for Chrome

Original release date: January 7, 2021Google has released Chrome version 87.0.4280.141 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the...
The Hacker News

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown

Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of...
ZDNet

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.

Weekly Update 226

Presently sponsored by: 1Password is a secure password manager and digital wallet that keeps you safe onlineA little bit of a change of pace this week with the video being solely on the events unfolding around removing content, people...
SC Magazine

FIN11 e-crime group shifted to CL0P ransomware and big game hunting

The financially motivated FIN11, which increasingly incorporated CL0P ransomware into their operations in 2020, appeared to rely on low-effort volume techniques like spamming malware for initial entry, but put a substantial amount of effort into each follow-up compromise. “Several...
ZDNet

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.