Original release date: July 8, 2020 VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0016 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/3gCHPfy via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link is provided for informational purposes only and does not represent an endorsement by or affiliation with the US-CERT (DHS)
Security
2064 posts
Original release date: July 8, 2020 Citrix has released security updates to address vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review Citrix Security Bulletin CTX276688, as well as the Citrix blog post, Citrix provides context on Security Bulletin CTX276688, and apply the necessary updates as soon as possible. This product is provided subject to this Notification and this Privacy […]
Original release date: July 8, 2020 Citrix has released security updates to address vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators review Citrix Security Bulletin CTX276688, as well as the Citrix blog post, Citrix provides context on Security Bulletin CTX276688, and apply the necessary updates as soon as possible. This product is provided subject to this Notification and this Privacy […]
Original release date: July 7, 2020 The Cybersecurity and Infrastructure Security Agency (CISA) has released its five-year industrial control systems (ICS) strategy: Securing Industrial Control Systems: A Unified Initiative. The strategy—developed in collaboration with industry and government partners—lays out CISA’s plan to improve, unify, and focus the effort to secure ICS and protect critical infrastructure. CISA encourages users—including ICS and critical infrastructure partners—to review Securing Industrial Control Systems: A Unified Initiative for more information. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/2O5FX2y via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe […]
Original release date: July 1, 2020 | Last revised: July 2, 2020 Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity Security and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI)—highlights risks associated with Tor, along with technical details and recommendations for mitigation. Cyber threat actors can use Tor software and network infrastructure for anonymity and obfuscation purposes to clandestinely conduct malicious cyber operations.[1],[2],[3] Tor (aka The Onion Router) is […]
Original release date: July 4, 2020 F5 has released a security advisory to address a remote code execution (RCE) vulnerability—CVE-2020-5902—in the BIG-IP Traffic Management User Interface (TMUI). An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the F5 advisory for CVE-2020-5902 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/2VXghK1 via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link is provided for informational purposes only and does […]
Original release date: July 3, 2020 The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, and CVE-2020-14303 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/38xKNz0 via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link is provided for informational purposes only […]
Original release date: July 2, 2020 Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates: Cisco Small Business Smart and Managed Switches Session Management Vulnerability cisco-sa-sbswitch-session-JZAS5jnY Small Business RV042 and RV042G Routers Cross-Site Scripting Vulnerability cisco-sa-sa-rv-routers-xss-K7Z5U6q3 Identity Services Engine Stored Cross-Site Scripting Vulnerabilities cisco-sa-mlt-ise-strd-xss-nqFhTtx7 Digital Network Architecture Center Information Disclosure Vulnerability cisco-sa-dnac-info-disc-6xsCyDYy Unified Customer Voice Portal Information Disclosure Vulnerability cisco-sa-cvp-info-dislosure-NZBEwj9V […]
Original release date: July 2, 2020 | Last revised: July 3, 2020 Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 78, Firefox ESR 68.10, and Thunderbird 68.10.0 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/2DmcNdH via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link […]
Original release date: July 1, 2020 Microsoft has released security updates to address vulnerabilities in Windows 10 and Windows Server. These vulnerabilities could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for CVE-2020-1425 and CVE-2020-1457 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy. from CISA Current Activity https://bit.ly/2O3Y20Y via US-CERT Current Activity http://ift.tt/1Btyqkb Stay safe *”This link is provided for informational purposes only and does not represent an endorsement […]