News


Security News, Updates and Vulnerabilities, posted here from around the web. Including US-CERT Cyber Security Bulletin & Microsoft Technet

 

FTC, Partners Help Small Businesses Stop Scams

Original release date: June 18, 2018 The Federal Trade Commission (FTC) has launched Operation Main Street, an effort with the Better Business Bureau (BBB) and law enforcement to educate small business owners on how to stop scams targeting their businesses. Accordingly, FTC released Scams and Your Small Business, a guide for businesses detailing how to […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on FTC, Partners Help Small Businesses Stop Scams

Multi-factor authentication for online services

This guidance describes how to use multi-factor authentication (MFA) to mitigate against password guessing and theft, including brute force attacks. MFA can also be called two-step verification or 2-factor authentication (2FA). This guidance is primarily for senior decision makers in larger organisations, and administrators responsible for implementing access to online and enterprise services that requires users to authenticate to […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on Multi-factor authentication for online services

North Korean Malicious Cyber Activity

Original release date: June 14, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT encourages users and administrators to review […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on North Korean Malicious Cyber Activity

ISC Releases Security Advisory for BIND

Original release date: June 13, 2018 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the ISC Knowledge Base Article AA-01616 and […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on ISC Releases Security Advisory for BIND

Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Original release date: June 13, 2018 Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Intel’s Security Advisory INTEL-SA-00145, apply the necessary mitigations, and refer to software vendors for appropriate […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Apple Releases Security Update for Xcode

Original release date: June 13, 2018 Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update. This product is provided subject […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Apple Releases Security Update for Xcode

NCSC advice for Dixons Carphone plc customers

Who is this guidance for? Customers of Dixons Carphone plc, who the NCSC is working with to investigate a data breach.   Overview On 13 June 2018, Dixons Carphone plc announced that a review of their systems and data had shown unauthorised access to certain data held by the company. Dixons Carphone has reported that […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on NCSC advice for Dixons Carphone plc customers

Google Releases Security Update for Chrome

Original release date: June 13, 2018 Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Release page and apply the necessary update. This product is provided subject […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Google Releases Security Update for Chrome

Microsoft Releases June 2018 Security Updates

Original release date: June 12, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s June 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Microsoft Releases June 2018 Security Updates

VMware Releases Security Update

Original release date: June 12, 2018 VMware has released a security update to address a vulnerability in VMware AirWatch Agent. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0015 and apply the necessary update. This product is provided […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on VMware Releases Security Update