1-855-474-1700 - Call Now to Speak to a Client Account Manager
1-855-474-1700

Cyber Security Updates


US-CERT Current Activity https://www.us-cert.gov/ncas/current-activity.xml A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT. en Microsoft Releases November 2018 Security Updates https://www.us-cert.gov/ncas/current-activity/2018/11/13/Microsoft-Releases-November-2018-Security-Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Tue, 13 Nov 2018 23:24:13 +0000 US-CERT 11862 at https://www.us-cert.gov
Adobe Releases Security Updates https://www.us-cert.gov/ncas/current-activity/2018/11/13/Adobe-Releases-Security-Updates

Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-39, APSB18-40, and APSB18-43 and apply the necessary updates.

 


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Tue, 13 Nov 2018 17:40:16 +0000 US-CERT 11861 at https://www.us-cert.gov
VMware Releases Security Updates https://www.us-cert.gov/ncas/current-activity/2018/11/09/VMware-Releases-Security-Updates

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Fri, 09 Nov 2018 18:59:56 +0000 US-CERT 11853 at https://www.us-cert.gov
NCCIC Releases Analysis Report on JexBoss https://www.us-cert.gov/ncas/current-activity/2018/11/08/NCCIC-Releases-Analysis-Report-JexBoss

NCCIC has released Analysis Report (AR) AR18-312A: JexBoss - JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims' systems. The report provides information on JexBoss' capabilities, as well as suggestions for detection and mitigation.

NCCIC encourages users and administrators to review AR18-312A for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Thu, 08 Nov 2018 20:43:05 +0000 US-CERT 11850 at https://www.us-cert.gov
Cisco Releases Security Updates https://www.us-cert.gov/ncas/current-activity/2018/11/07/Cisco-Releases-Security-Updates

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Wed, 07 Nov 2018 17:42:46 +0000 US-CERT 11845 at https://www.us-cert.gov
Self-Encrypting Solid-State Drive Vulnerabilities https://www.us-cert.gov/ncas/current-activity/2018/11/06/Self-Encrypting-Solid-State-Drive-Vulnerabilities

NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review Vulnerability Note VU# 395981, Microsoft's Security Advisory ADV180028, and Samsung's Customer Notice regarding Samsung SSDs for more information and refer to vendors for appropriate patches and recommendations, when available.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Wed, 07 Nov 2018 00:17:34 +0000 US-CERT 11844 at https://www.us-cert.gov
Apache Releases Security Advisory for Apache Struts https://www.us-cert.gov/ncas/current-activity/2018/11/05/Apache-Releases-Security-Advisory-Apache-Struts

The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected.

NCCIC encourages users and administrators of Apache Struts versions 2.3.36 and prior to review the Apache security advisory for CVE-2016-1000031 and upgrade to the latest released version of Commons FileUpload library, which is currently 1.3.3.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Mon, 05 Nov 2018 19:34:10 +0000 US-CERT 11837 at https://www.us-cert.gov
Cisco Releases Security Advisory https://www.us-cert.gov/ncas/current-activity/2018/11/01/Cisco-Releases-Security-Advisory

Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review the Cisco Security Advisory and the CERT Coordination Center's Vulnerability Note VU# 339704 and apply the necessary mitigations until patches are made available. 


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Thu, 01 Nov 2018 23:43:15 +0000 US-CERT 11822 at https://www.us-cert.gov
November is National Critical Infrastructure Security and Resilience Month https://www.us-cert.gov/ncas/current-activity/2018/11/01/November-National-Critical-Infrastructure-Security-and-Resilience

November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.

Everyone is involved in the mission to protect CI. Users and administrators can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review. Keeping your systems secured can help NCCIC identify cyber threats and inform the CI community.

NCCIC encourages CI owners and operators to review the DHS CI resource page for information on available resources and training. NCCIC also encourages CI owners and operators to visit the Critical Infrastructure Cyber Community Voluntary Program (C3VP) page for information on the C3VP program. 


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Thu, 01 Nov 2018 11:03:56 +0000 US-CERT 11817 at https://www.us-cert.gov
Mozilla Releases Security Update for Thunderbird ESR https://www.us-cert.gov/ncas/current-activity/2018/10/31/Mozilla-Releases-Security-Update-Thunderbird-ESR

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


]]>
Thu, 01 Nov 2018 01:07:09 +0000 US-CERT 11814 at https://www.us-cert.gov