Current high-impact types of security incidents

  • Cisco Releases Security Updates
    by CISA on February 20, 2020 at 3:55 pm

    Original release date: February 20, 2020Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Smart Software Manager On-Prem Static Credential Vulnerability cisco-sa-on-prem-static-cred-sL8rDs8 Unified Contact Center Express Privilege Escalation Vulnerability cisco-sa-uccx-privesc-Zd7bvwyf Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability cisco-sa-20200219-ucs-boot-bypass Email Security Appliance and Content Security Management Appliance Denial-of-Service Vulnerability cisco-sa-20200219-esa-sma-dos Email Security Appliance Denial-of-Service Vulnerability cisco-sa-20200219-esa-dos Data Center Network Manager Privilege Escalation Vulnerability cisco-sa-20200219-dcnm-priv-esc Data Center Network Manager Cross-Site Request Forgery Vulnerability cisco-sa-20200219-dcnm-csrf This product is provided subject to this Notification and this Privacy & Use policy.

  • Adobe Releases Security Updates for After Effects and Media Encoder
    by CISA on February 20, 2020 at 3:42 pm

    Original release date: February 20, 2020Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

  • VMware Releases Security Updates for vRealize Operations for Horizon Adapter
    by CISA on February 19, 2020 at 6:30 pm

    Original release date: February 19, 2020VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0003 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

  • Be Cautious of Romance Scams
    by CISA on February 14, 2020 at 3:39 pm

    Original release date: February 14, 2020This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their confidence, and convince them to transfer funds. When online dating, use caution and never send gifts or money to someone you have not met in person. CISA encourages online daters to review the Federal Trade Commission’s alert It’s not true love if they ask for money and watch the FTC video Online Romance Imposter Scams. For more information review CISA’s Tip on Staying Safe on Social Networking Sites. If you believe you have been a victim of a romance scam, file a report with: The online dating site, The Federal Trade Commission, and The Federal Bureau of Investigation's Internet Crime Complaint Center. This product is provided subject to this Notification and this Privacy & Use policy.

  • North Korean Malicious Cyber Activity
    by CISA on February 14, 2020 at 12:40 pm

    Original release date: February 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. HOPLIGHT (update) BISTROMATH SLICKSHOES HOTCROISSANT ARTFULPIE BUFFETLINE CROWDEDFLOUNDER CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.     This product is provided subject to this Notification and this Privacy & Use policy.

  • New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools
    by CISA on February 12, 2020 at 3:59 pm

    Original release date: February 12, 2020 | Last revised: February 13, 2020The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12 Schools and School Districts. The factsheet provides guidance to educators, administrators, parents, and law enforcement officials on various online threats to students, including cyberbullying, ransomware, and online predation. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to read Cyber Safety Considerations for K-12 Schools and School Districts and to visit SchoolSafety.gov to learn more about all the resources available. Refer to CISA’s Tips on Keeping Children Safe Online and Dealing with Cyberbullies for additional best practices. This product is provided subject to this Notification and this Privacy & Use policy.

  • FBI Releases IC3 2019 Internet Crime Report
    by CISA on February 12, 2020 at 3:58 pm

    Original release date: February 12, 2020 | Last revised: February 13, 2020The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3 website. The top three crimes types reported by victims in 2019 were phishing/vishing/smishing/pharming, non-payment/non-delivery, and extortion. FBI urges users to continue reporting complaints at www.ic3.gov to help law enforcement better combat cybercrime. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI press release and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information. This product is provided subject to this Notification and this Privacy & Use policy.

  • Microsoft Releases February 2020 Security Updates
    by CISA on February 11, 2020 at 8:12 pm

    Original release date: February 11, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s February 2020 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

  • Intel Releases Security Updates
    by CISA on February 11, 2020 at 7:14 pm

    Original release date: February 11, 2020Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RWC3 Advisory INTEL-SA-00341 MPSS Advisory INTEL-SA-00340 RWC2 Advisory INTEL-SA-00339 SGX SDK Advisory INTEL-SA-00336 CSME Advisory INTEL-SA-00307 Renesas Electronics USB 3.0 Driver Advisory INTEL-SA-00273 This product is provided subject to this Notification and this Privacy & Use policy.

  • Adobe Releases Security Updates for Multiple Products
    by CISA on February 11, 2020 at 4:16 pm

    Original release date: February 11, 2020Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: Framemaker APSB20-04 Acrobat and Reader APSB20-05 Flash Player APSB20-06 Digital Editions APSB20-07 Experience Manager APSB20-08 This product is provided subject to this Notification and this Privacy & Use policy.