US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 1 óra 18 perc
2020. augusztus 11.

SAP Releases August 2020 Security Updates

Original release date: August 11, 2020<br/><p>SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge Management)</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345">SAP Security Notes</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
2020. augusztus 11.

Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation

Original release date: August 11, 2020<br/><p>Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisories for <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380 ">CVE-2020-1380</a> and <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464 ">CVE-2020-1464</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
2020. augusztus 11.

Microsoft Releases August 2020 Security Updates

Original release date: August 11, 2020<br/><p>Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s August 2020 <a href="https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Aug">Security Update Summary</a> and <a href="https://support.microsoft.com/en-us/help/20200811/security-update-deployment-information-august-11-2020">Deployment Information</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
2020. augusztus 11.

CIS Releases 2019 Year in Review

Original release date: August 11, 2020<br/><p>The Center for Internet Security (CIS) has released its <a href="https://www.cisecurity.org/white-papers/2019-center-for-internet-security-year-in-review/">2019 Year in Review</a>. CIS is home to the Multi-State Information Sharing &amp; Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights CIS's role in improving cyber defense and MS-ISAC's advances in membership, monitoring, cyber education, and information sharing with partners.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
2020. augusztus 11.

Adobe Releases Security Updates

Original release date: August 11, 2020

Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-48 and APSB20-51 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 11.

Google Releases Security Updates for Chrome

Original release date: August 11, 2020

Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 11.

Apple Releases Security Updates for iCloud for Windows

Original release date: August 11, 2020

Apple has released security updates to address vulnerabilities in iCloud for Windows 7.20 (for Windows 7 and later) and 11.3 (for Windows 10 and later). An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for iCloud 7.20 and iCloud 11.3 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 6.

Cisco Releases Security Updates for Multiple Products

Original release date: August 6, 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 6.

NSA Releases Guidance on Limiting Location Data Exposure

Original release date: August 6, 2020

The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.  

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 5.

FBI Reports Increase in Online Shopping Scams

Original release date: August 5, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (I3C) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to review the IC3 Alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. augusztus 3.

Chinese Malicious Cyber Activity

Original release date: August 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified a malware variant—referred as TAIDOOR—used by the Chinese government. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal.

CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1, U.S. Cyber Command’s VirusTotal page, and CISA’s Chinese Malicious Cyber Activity page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 30.

Cisco Releases Security Updates for Multiple Products

Original release date: July 30, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 30.

GNU GRUB2 Vulnerability

Original release date: July 30, 2020

Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 29.

Adobe Releases Security Updated for Magento

Original release date: July 29, 2020

Adobe has released security updates to address vulnerabilities in Magento Commerce 2 (formerly known as Magento Enterprise Edition) and Magento Open Source 2 (formerly known as Magento Community Edition). An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-47 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 29.

Mozilla Releases Security Updates for Multiple Products

Original release date: July 29, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 28.

Google Releases Security Updates for Chrome

Original release date: July 28, 2020

Google has released Chrome version 84.0.4147.105 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 23.

Cisco Releases Security Updates for ASA and FTD Software

Original release date: July 23, 2020

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software Web Service. A remote attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-asaftd-ro-path-KJuQhB86 for more information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 23.

Citrix Releases Security Updates for Workspace App for Windows

Original release date: July 23, 2020

Citrix has released security updates to address a vulnerability in Workspace app for Windows.  A remote attacker could exploit this vulnerability to take control of an affected system if Windows Server Message Block (SMB) is enabled.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review Citrix Security Bulletin CTX277662 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 22.

Adobe Releases Security Updates

Original release date: July 22, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. július 17.

Microsoft Releases Security Update for Edge

Original release date: July 17, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). An attacker could exploit this vulnerability to drop Dynamic Link Library (DLL) files and gain elevated privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1341 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.