Current high-impact types of security incidents

  • Reminder: Safeguard Websites from Cyberattacks
    by CISA on January 21, 2020 at 6:02 pm

    Original release date: January 21, 2020

    Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.

    For more information, review:

      • CISA Insight: Enhance Email and Web Security,
      • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-44: Guidelines on Securing Public Web Servers, and
      • NIST SP 800-95: Guide to Secure Web Services.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Samba Releases Security Updates
    by CISA on January 21, 2020 at 4:11 pm

    Original release date: January 21, 2020

    The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.

  • Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory
    by CISA on January 18, 2020 at 2:34 am

    Original release date: January 17, 2020

    Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security updates for affected software starting January 20, 2020. The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:

      • Review the Citrix article on updates on Citrix ADC, Citrix Gateway vulnerability, published January 17, 2020;
      • See Citrix Security Bulletin CTX267027 – Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance;
      • Apply the recommended mitigations in CTX267679 – Mitigation Steps for CVE-2019-19781; and
      • Verify the successful application of the above mitigations by using the tool in CTX269180 – CVE-2019-19781 – Verification ToolTest.

  • Microsoft Releases Security Advisory on Internet Explorer Vulnerability
    by CISA on January 18, 2020 at 1:55 am

    Original release date: January 17, 2020

    Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.” The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.

  • Google Releases Security Updates for Chrome
    by CISA on January 17, 2020 at 3:52 pm

    Original release date: January 17, 2020

    Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

  • Oracle Releases January 2020 Security Bulletin
    by CISA on January 14, 2020 at 10:01 pm

    Original release date: January 14, 2020

    Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle January 2020 Critical Patch Update and apply the necessary updates.

  • Adobe Releases Security Updates
    by CISA on January 14, 2020 at 9:57 pm

    Original release date: January 14, 2020

    Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB20-03 and APSB20-01 and apply the necessary updates.

  • VMware Releases Security Update
    by CISA on January 14, 2020 at 9:53 pm

    Original release date: January 14, 2020

    VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.

  • Intel Releases Security Updates
    by CISA on January 14, 2020 at 8:41 pm

    Original release date: January 14, 2020

    Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

      • SNMP Subagent Stand-Alone Advisory for Windows INTEL-SA-00300
      • Chipset Device Software Advisory INTEL-SA-00306
      • RWC 3 for Windows Advisory INTEL-SA-00308
      • Processor Graphics Advisory INTEL-SA-00314
      • VTune Amplifier for Windows Advisory INTEL-SA-00325
      • DAAL Advisory INTEL-SA-00332

  • Microsoft Releases January 2020 Security Updates
    by CISA on January 14, 2020 at 8:32 pm

    Original release date: January 14, 2020

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s January 2020 Security Update Summary and Deployment Information and apply the necessary updates.