VMware Releases Security Updates for Workstation, Fusion

Original release date: January 11, 2018 VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

January 12, 2018
Read More >>

Juniper Networks Releases Security Updates

Original release date: January 11, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates: ScreenOS: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014) Junos Space Security Director and Log Collector: Multiple vulnerabilities resolved in 17.2R1 release…

January 11, 2018
Read More >>

Microsoft Releases January 2018 Security Updates

Original release date: January 09, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft’s January 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

January 10, 2018
Read More >>

Adobe Releases Security Updates for Flash Player

Original release date: January 09, 2018 Adobe has released security updates to address a vulnerability in Flash Player. A remote attacker could exploit this vulnerability to obtain sensitive information.                  NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-01 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

January 10, 2018
Read More >>

MS-ISAC Releases Advisory on PHP Vulnerabilities

Original release date: January 09, 2018 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review MS-ISAC Advisory 2018-003 and the PHP Downloads page and apply the necessary updates. This product is provided subject to this Notification and this Privacy…

January 9, 2018
Read More >>

Meltdown and Spectre Side-Channel Vulnerabilities

Original release date: January 03, 2018 US-CERT is aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information. Users and administrators are encouraged to review Vulnerability Note VU#584653, Microsoft’s Advisory, and Mozilla’s blog post for additional information and refer to their OS vendor for appropriate patches. US-CERT is not aware of any…

January 4, 2018
Read More >>

Mozilla Releases Security Update for Thunderbird

Original release date: December 25, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.5.2 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

December 26, 2017
Read More >>

North Korean Malicious Cyber Activity

Original release date: December 21, 2017 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-B and the US-CERT page on HIDDEN COBRA – North Korean…

December 21, 2017
Read More >>

Apple Releases Security Updates for iOS and tvOS

Original release date: December 13, 2017 Apple has released security updates to address a HomeKit vulnerability in iOS and tvOS. A remote attacker could exploit this vulnerability to take control of affected HomeKit-connected devices. US-CERT encourages users and administrators to review Apple security pages for iOS 11.2.1 and tvOS 11.2.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. Source:…

December 14, 2017
Read More >>

Transport Layer Security (TLS) Vulnerability

Original release date: December 13, 2017 CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information. The TLS vulnerability is also known as Return of Bleichenbacher’s Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as…

December 13, 2017
Read More >>