News

Security News, Updates and Vulnerabilities, posted here from around the web. Including US-CERT Cyber Security Bulletin & Microsoft Technet

 

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates. This […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Microsoft Releases November 2018 Security Updates

Adobe Releases Security Updates

Original release date: November 13, 2018 Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-39, APSB18-40, and APSB18-43 and apply the necessary […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Adobe Releases Security Updates

VMware Releases Security Updates

Original release date: November 09, 2018 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0027 and apply the necessary updates. This product is provided subject to […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on VMware Releases Security Updates

NCCIC Releases Analysis Report on JexBoss

Original release date: November 08, 2018 NCCIC has released Analysis Report (AR) AR18-312A: JexBoss – JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims’ systems. The report provides information on JexBoss’ capabilities, as well as suggestions for detection and mitigation. NCCIC encourages users and administrators to review AR18-312A for more […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on NCCIC Releases Analysis Report on JexBoss

Cisco Releases Security Updates

Original release date: November 07, 2018 Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco Stealthwatch Management Console Authentication Bypass […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Cisco Releases Security Updates

Self-Encrypting Solid-State Drive Vulnerabilities

Original release date: November 06, 2018 NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Self-Encrypting Solid-State Drive Vulnerabilities

Apache Releases Security Advisory for Apache Struts

Original release date: November 05, 2018 The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC encourages users and administrators of […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Apache Releases Security Advisory for Apache Struts

Apache Releases Security Advisory for Apache Struts

Original release date: November 05, 2018 The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC encourages users and administrators of […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Apache Releases Security Advisory for Apache Struts

Cisco Releases Security Advisory

Original release date: November 01, 2018 Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Cisco Security Advisory and the CERT Coordination […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Cisco Releases Security Advisory

November is National Critical Infrastructure Security and Resilience Month

Original release date: November 01, 2018 November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on November is National Critical Infrastructure Security and Resilience Month