NIST Releases Report on Managing IoT Risks

The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages information security and privacy practitioners to review NISTIR 8228 for more information…

June 27, 2019
Read More >>

Cisco Releases Security Updates for Data Center Network Manager

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates: Source: https://www.us-cert.gov

June 26, 2019
Read More >>

CISA Statement on Iranian Cybersecurity Threats

Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies. CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following: •    Avoiding Social Engineering and Phishing Attacks•    Password Spraying…

June 24, 2019
Read More >>

Dell Releases Security Advisory for Dell SupportAssist

Original release date: June 21, 2019 Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

June 21, 2019
Read More >>

Apache Releases Security Advisory for Apache Tomcat

Original release date: June 20, 2019 Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy. Source:…

June 21, 2019
Read More >>

Apple Releases Security Updates for AirPort 802.11n Wi-Fi Base Stations

Original release date: June 20, 2019 Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary…

June 21, 2019
Read More >>

Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels

Original release date: June 20, 2019 The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#905115 for more information and refer to vendors for updates. This product is provided subject to this Notification and this…

June 21, 2019
Read More >>

Microsoft Releases Outlook for Android Security Update

Original release date: June 20, 2019 Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy. Source: https://www.us-cert.gov

June 21, 2019
Read More >>

Oracle Releases Security Advisory for WebLogic

Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle Security Alert and apply the necessary updates. This product is provided subject to this…

June 19, 2019
Read More >>

DHS Email Phishing Scam

Original release date: June 18, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment. CISA encourages users…

June 19, 2019
Read More >>