News


Security News, Updates and Vulnerabilities, posted here from around the web. Including US-CERT Cyber Security Bulletin & Microsoft Technet

 

FTC Releases Article on Choosing VPN Apps for Mobile Phones

Original release date: February 22, 2018 The Federal Trade Commission (FTC) has issued guidance to consumers considering using a Virtual Private Network (VPN) for their mobile phones. Some mobile phone users choose to use VPNs to shield the information on their phones when using public Wi-Fi networks. NCCIC/US-CERT encourages consumers to review the FTC article […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on FTC Releases Article on Choosing VPN Apps for Mobile Phones

Drupal Releases Security Updates

Original release date: February 21, 2018 Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal’s Security Advisory and upgrade to version 7.57 or 8.4.5. This product is […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Drupal Releases Security Updates

IC3 Issues Alert on Increase in W-2 Phishing Campaigns

Original release date: February 21, 2018 The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom. NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on IC3 Issues Alert on Increase in W-2 Phishing Campaigns

Cisco Releases Security Updates for Multiple Products

Original release date: February 21, 2018 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco Unified Communications Domain Manager […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Cisco Releases Security Updates for Multiple Products

EUD Security Guidance: Samsung devices with Knox Workspace

About this guidance  This guidance is for Samsung Devices with Knox 2.8 and higher. It was tested on Samsung Galaxy S8 devices with Samsung SDS EMM as the Mobile Device Management (MDM) server. It’s important to remember that this guidance has been conceived as a way to satisfy the 12 End User Device Security Principles. As such, it consists of recommendations and should not be seen as a set […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on EUD Security Guidance: Samsung devices with Knox Workspace

Microsoft Releases February 2018 Security Updates

Original release date: February 13, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Microsoft’s February 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Microsoft Releases February 2018 Security Updates

Adobe Releases Security Updates

Original release date: February 13, 2018 Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. A remote attacker could exploit these vulnerabilities to take control of an affected system.                   NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-04 and apply the necessary updates. This product is provided subject to this […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Adobe Releases Security Updates

North Korean Malicious Cyber Activity

Original release date: February 13, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as HARDRAIN and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. NCCIC/US-CERT encourages users and administrators […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on North Korean Malicious Cyber Activity

NCSC advice: Malicious software used to illegally mine cryptocurrency

The NCSC is aware of a compromise of the third-party JavaScript library ‘Browsealoud’ which happened on 11 February 2018. During the compromise, anyone who visited a website with the Browsealoud library embedded inadvertently ran mining code on their computer, helping to generate money for the attackers. No money was taken from users themselves, but the […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on NCSC advice: Malicious software used to illegally mine cryptocurrency

Preventing Lateral Movement

This guidance explains how system owners can prevent and detect lateral movement within their enterprise networks. It will help you to: improve the chances of spotting an intruder increase the difficulty for an attacker to reach their goal once inside your network Implementing the recommended security controls outlined below – including monitoring to detect the […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on Preventing Lateral Movement