Current high-impact types of security incidents

  • Google Releases Security Updates for Chrome
    by CISA on June 4, 2020 at 2:25 pm

    Original release date: June 4, 2020<br/><p>Google has released Chrome version 83.0.4103.97 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop.html">Chrome Release</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Cisco Releases Security Updates for Multiple Products
    by CISA on June 4, 2020 at 2:22 pm

    Original release date: June 4, 2020<br/><p>Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco <a href="https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&amp;sort=-day_sir#~Vulnerabilities">security advisories page</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Mozilla Releases Security Updates for Firefox and Firefox ESR
    by CISA on June 3, 2020 at 2:57 pm

    Original release date: June 3, 2020<br/><p>Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/">Firefox 77</a> and <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/">Firefox ESR 68.9</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Cisco Releases Security Updates for NX-OS Software
    by CISA on June 2, 2020 at 3:07 pm

    Original release date: June 2, 2020<br/><p>Cisco has released security updates to address a vulnerability in NX-OS Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4">Cisco Security Advisory</a> and apply the necessary updates or workarounds.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Apple Releases Security Updates
    by CISA on June 2, 2020 at 2:51 pm

    Original release date: June 2, 2020<br/><p>Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:</p> <ul> <li><a href="https://support.apple.com/en-us/HT211215">macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra</a></li> <li><a href="https://www.us-cert.gov https://support.apple.com/en-us/HT211216">tvOS 13.4.6 for Apple TV 4K and Apple TV HD</a></li> <li><a href="https://www.us-cert.gov https://support.apple.com/en-us/HT211217">watchOS 6.2.6 for Apple Watch Series 1 and later</a></li> <li><a href="https://support.apple.com/en-us/HT211214">iOS 13.5.1 and iPadOS 13.5.1</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Hurricane-Related Scams
    by CISA on June 1, 2020 at 3:36 pm

    Original release date: June 1, 2020<br/><p>June 1 marks the official start of the 2020 Atlantic hurricane season. The Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following a hurricane. Fraudulent emails—often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.</p> <p>To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures.</p> <ul> <li><a href="https://www.consumer.ftc.gov/features/dealing-weather-emergencies#stayingalert">Staying Alert to Disaster-related Scams</a></li> <li><a href="https://www.consumer.ftc.gov/articles/0074-giving-charity">Before Giving to a Charity</a></li> <li><a href="https://www.us-cert.gov/ncas/tips/ST06-003">Staying Safe on Social Networking Sites</a></li> <li><a href="https://www.us-cert.gov/ncas/tips/ST04-014">Avoiding Social Engineering and Phishing Attacks</a></li> <li><a href="https://www.us-cert.gov/ncas/tips/ST04-010 ">Using Caution with Email Attachments</a></li> </ul> <p>If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at <a href="http://www.ic3.gov/ ">www.ic3.gov</a>.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • VMware Releases Security Updates for Multiple Products
    by CISA on May 29, 2020 at 2:02 pm

    Original release date: May 29, 2020<br/><p>VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory <a href="https://www.vmware.com/security/advisories/VMSA-2020-0011.html">VMSA-2020-0011</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Cisco Releases Security Updates for CML and VIRL-PE
    by CISA on May 29, 2020 at 1:59 pm

    Original release date: May 29, 2020<br/><p>Cisco has released security updates to address SaltStack FrameWork vulnerabilities in Cisco Modeling Labs Corporate Edition (CML) and Virtual Internet Routing Lab Personal Edition (VIRL-PE). A remote attacker could exploit these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG">Cisco Security Advisory</a> and apply the necessary updates or workaround.</p> <p>&nbsp;</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • NSA Releases Advisory on Sandworm Actors Exploiting an Exim Vulnerability
    by CISA on May 28, 2020 at 7:12 pm

    Original release date: May 28, 2020<br/><p>The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.</p> <p>Although Exim released a <a href="https://www.exim.org/static/doc/security/CVE-2019-10149.txt">security update</a> for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according NSA’s advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA’s <a href="https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf">Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors</a> and Exim’s page on <a href="https://www.exim.org/static/doc/security/CVE-2019-10149.txt">CVE-2019-10149</a> for more information.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>

  • Apple Releases Security Updates
    by CISA on May 27, 2020 at 2:37 pm

    Original release date: May 27, 2020<br/><p>Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:</p> <ul> <li><a href="https://support.apple.com/en-us/HT211170">macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra</a></li> <li><a href="https://support.apple.com/en-us/HT211186">Windows Migration Assistant 2.2.0.0</a></li> <li><a href="https://support.apple.com/kb/HT211177">Safari 13.1.1</a></li> <li><a href="https://support.apple.com/kb/HT211179">iCloud for Windows 11.2</a></li> <li><a href="https://support.apple.com/kb/HT211181">iCloud for Windows 7.19</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>