Saturday, November 17, 2018

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Microsoft’s...

Adobe Releases Security Updates

Original release date: November 13, 2018Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and...

SB18-316: Vulnerability Summary for the Week of November 5, 2018

Original release date: November 12, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

VMware Releases Security Updates

Original release date: November 09, 2018VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the VMware...

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information on JexBoss' capabilities, as well as...

AR18-312A: JexBoss – JBoss Verify and EXploitation Tool

Original release date: November 08, 2018Summary JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as “red teams”) and auditors to conduct authorized security assessments. Threat actors...

Cisco Releases Security Updates

Original release date: November 07, 2018Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the following...

Self-Encrypting Solid-State Drive Vulnerabilities

Original release date: November 06, 2018NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and administrators to review...

Apache Releases Security Advisory for Apache Struts

Original release date: November 05, 2018The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an...

SB18-309: Vulnerability Summary for the Week of October 29, 2018

Original release date: November 05, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...

Cisco Releases Security Advisory

Original release date: November 01, 2018Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.NCCIC...

ST18-006: Website Security

Original release date: November 01, 2018 What is website security?Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.Why should I care about website security?Cyberattacks against public-facing websites—regardless of size—are common. An attack to your website...

November is National Critical Infrastructure Security and Resilience Month

Original release date: November 01, 2018November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that...

Mozilla Releases Security Update for Thunderbird ESR

Original release date: October 31, 2018Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the...

Apache Releases Security Update for Apache Tomcat JK Connectors

Original release date: October 31, 2018The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information.NCCIC...

Apple Releases Multiple Security Updates

Original release date: October 30, 2018Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the...

ST18-005: Proper Disposal of Electronic Devices

Original release date: October 30, 2018 Why is it important to dispose of electronic devices safely?In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras...

National Cybersecurity Awareness Month: Staying Secure

Original release date: October 30, 2018National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not.NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep...

18-005: Proper Disposal of Electronic Devices

Original release date: October 29, 2018 Why is it important to dispose of electronic devices safely?In addition to effectively securing sensitive information on electronic devices, it is important to follow best practices for electronic device disposal. Computers, smartphones, and cameras...

SB18-302: Vulnerability Summary for the Week of October 22, 2018

Original release date: October 29, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.