1-855-474-1700 - Call Now to Speak to a Client Account Manager
1-855-474-1700

Cyber Security Updates


CISA Current Activity https://www.us-cert.gov/ncas/current-activity.xml A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT. en Building Resilience to Foreign Interference, Misinformation Activities https://www.us-cert.gov/ncas/current-activity/2019/07/22/building-resilience-foreign-interference-misinformation-activities Original release date: July 22, 2019<br/><p>As part of the effort to <a href="https://www.dhs.gov/cisa/protect2020">#Protect2020</a>, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interferences, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views foreign interference as malign actions taken by foreign governments or actors designed to sow discord, manipulate public discourse, discredit the electoral system, bias the development of policy, or disrupt markets for the purpose of undermining the interests of the United States and its allies.</p> <p>Responding to foreign interference requires a whole of society approach—CISA has made available the following <a href="https://www.dhs.gov/publication/foreign-interference">foreign interference resources</a> to #Protect2020:</p> <ul> <li><a href="https://www.dhs.gov/sites/default/files/publications/19_0717_cisa_the-war-on-pineapple-understanding-foreign-interference-in-5-steps_0.pdf">The War on Pineapple: Understanding Foreign Interference in 5 Steps</a></li> <li><a href="https://www.dhs.gov/sites/default/files/publications/19_0717_cisa_foreign-influence-taxonomy.pdf">Foreign Interference Taxonomy</a></li> <li><a href="https://www.dhs.gov/sites/default/files/publications/19_0717_cisa_social-media-bots-overview.pdf">Social Media Bots Overview</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Tue, 23 Jul 2019 00:48:10 +0000 CISA 12607 at https://www.us-cert.gov 5G Wireless Network Risk Factors https://www.us-cert.gov/ncas/current-activity/2019/07/22/5g-wireless-network-risk-factors Original release date: July 22, 2019<br/><p>The Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic on 5G wireless network risk factors. Although 5G technology will bring capacity, reliability, and security improvements, it may also introduce supply chain, deployment, network security, and competition and choice vulnerabilities. These vulnerabilities may affect the security and resilience of 5G networks.</p> <p>CISA encourages users and administrators to review the <a href="https://www.dhs.gov/publication/5g-infographic?topics=all">CISA 5G infographic</a> to better understand the risks associated with 5G wireless networks.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Mon, 22 Jul 2019 20:12:22 +0000 CISA 12604 at https://www.us-cert.gov Apple Releases Multiple Security Updates https://www.us-cert.gov/ncas/current-activity/2019/07/22/apple-releases-multiple-security-updates Original release date: July 22, 2019<br/><p>Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:</p> <ul> <li><a href="https://support.apple.com/en-us/HT210346">iOS 12.4</a></li> <li><a href="https://support.apple.com/en-us/HT210351">tvOS 12.4 </a></li> <li><a href="https://support.apple.com/en-us/HT210355">Safari 12.1.2</a></li> <li><a href="https://support.apple.com/en-us/HT210348">macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra</a></li> <li><a href="https://support.apple.com/en-us/HT210353">watchOS 5.3</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Mon, 22 Jul 2019 19:47:07 +0000 CISA 12601 at https://www.us-cert.gov Canadian Centre for Cyber Security Releases Advisory on Fileless Malware https://www.us-cert.gov/ncas/current-activity/2019/07/18/canadian-centre-cyber-security-releases-advisory-fileless-malware Original release date: July 18, 2019<br/><p>The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data.<br /> &nbsp;<br /> The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s <a href="https://cyber.gc.ca/en/alerts/fileless-malware-advisory">Fileless Malware Advisory</a> for potential infection vectors and recommended mitigations and refer to CISA’s Tip on <a href="https://www.us-cert.gov/ncas/tips/ST18-271">Protecting Against Malicious Code</a>.<br /> &nbsp;</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Fri, 19 Jul 2019 00:57:46 +0000 CISA 12592 at https://www.us-cert.gov WaterISAC Releases Cybersecurity Fundamentals https://www.us-cert.gov/ncas/current-activity/2019/07/17/waterisac-releases-cybersecurity-fundamentals Original release date: July 17, 2019<br/><p>The Water Information Sharing and Analysis Center (WaterISAC) recently released an updated cybersecurity fundamentals guide for water and wastewater utilities. The guide includes cybersecurity best practices, grouped into 15 categories, to help sector utilities reduce exploitable weaknesses and attacks. WaterISAC is a CISA partner focused on protecting Water and Wastewater Systems Sector utilities from all hazards.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages sector utilities and critical infrastructure owners and operators to review WaterISAC's <a href="https://www.waterisac.org/fundamentals">15 Cybersecurity Fundamentals for Water and Wastewater Utilities</a> for more information.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Thu, 18 Jul 2019 01:10:44 +0000 CISA 12589 at https://www.us-cert.gov Drupal Releases Security Update https://www.us-cert.gov/ncas/current-activity/2019/07/17/drupal-releases-security-update Original release date: July 17, 2019<br/><p>Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory <a href="https://www.drupal.org/sa-core-2019-008">SA-CORE-2019-008</a> and apply the necessary update.<br /> &nbsp;</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Wed, 17 Jul 2019 19:20:29 +0000 CISA 12587 at https://www.us-cert.gov Cisco Releases Security Updates for Multiple Products https://www.us-cert.gov/ncas/current-activity/2019/07/17/cisco-releases-security-updates-multiple-products Original release date: July 17, 2019<br/><p>Cisco has released security updates to address vulnerabilities in <a href="https://tools.cisco.com/security/center/publicationListing.x">multiple Cisco products</a>. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:</p> <ul> <li>Cisco Vision Dynamic Signage Director REST API Authentication Bypass Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cvdsd-wmauth">cisco-sa-20190717-cvdsd-wmauth</a></li> <li>FindIT Network Management Software Static Credentials Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-cfnm-statcred">cisco-sa-20190717-cfnm-statcred</a></li> <li>IOS Access Points Software 802.11r Fast Transition Denial-of-Service Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-aironet-dos">cisco-sa-20190717-aironet-dos</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Wed, 17 Jul 2019 19:15:43 +0000 CISA 12584 at https://www.us-cert.gov NCSC Releases 2019 Active Cyber Defence Report https://www.us-cert.gov/ncas/current-activity/2019/07/16/ncsc-releases-2019-active-cyber-defence-report Original release date: July 16, 2019<br/><p>The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review <a href="https://www.ncsc.gov.uk/report/active-cyber-defence-report-2019">NCSC’s report</a> for more information.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Wed, 17 Jul 2019 00:27:19 +0000 CISA 12582 at https://www.us-cert.gov Microsoft Releases Security Updates for PowerShell Core https://www.us-cert.gov/ncas/current-activity/2019/07/16/microsoft-releases-security-updates-powershell-core Original release date: July 16, 2019<br/><p>Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://github.com/PowerShell/PowerShell/security/advisories/GHSA-5frh-8cmj-gc59">Microsoft Security Advisory</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Tue, 16 Jul 2019 23:25:42 +0000 CISA 12581 at https://www.us-cert.gov Oracle Releases July 2019 Security Bulletin https://www.us-cert.gov/ncas/current-activity/2019/07/16/oracle-releases-july-2019-security-bulletin Original release date: July 16, 2019<br/><p>Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle <a href="https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html">July 2019 Critical Patch Update </a>and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div> Tue, 16 Jul 2019 23:12:05 +0000 CISA 12580 at https://www.us-cert.gov