News


Security News, Updates and Vulnerabilities, posted here from around the web. Including US-CERT Cyber Security Bulletin & Microsoft Technet

 

Drupal Releases Critical Security Updates

Original release date: April 25, 2018 Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates. This product is provided subject to this Notification […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Drupal Releases Critical Security Updates

Apple Releases Multiple Security Updates

Original release date: April 24, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates: Safari 11.1 macOS High […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Apple Releases Multiple Security Updates

EUD Security Guidance: Windows 10 – 1709

About this guidance This guidance has been updated to cover the 1709 “Fall Creators Update” of Windows 10 Enterprise. It builds on the previous 1703 “Creators Update” guidance. Testing was performed on a Windows Hardware Certified device, running Windows 10 Enterprise. The hardware was a Dell Latitude, managed with Active Directory on Server 2016. This guidance is not applicable to Windows devices […]

Posted in NCSC, News, Security, Updates | Tagged , | Comments Off on EUD Security Guidance: Windows 10 – 1709

Windows 10 1607 not supported after 10th April 2018

As mentioned in a previous post, Microsoft’s support model has changed in Windows 10. Most customers are on an 18 Month supported version window. The next version to be out of support is 1607. This was a surprise to a recent Cyber Essentials Plus customer and seems to have missed the IT provider also. The […]

Posted in Blog, Cyber Essentials, IASME, Information Assurance, Microsoft, Security, Update, Updates, windows | Comments Off on Windows 10 1607 not supported after 10th April 2018

Drupal Releases Security Updates

Original release date: April 18, 2018 Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates. This product is provided subject […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Drupal Releases Security Updates

Cisco Releases Security Updates for Multiple Products

Original release date: April 18, 2018 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cisco WebEx Clients Remote Code […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Cisco Releases Security Updates for Multiple Products

Google Releases Security Update for Chrome

Original release date: April 18, 2018 Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Google Releases Security Update for Chrome

Oracle Releases April 2018 Security Bulletin

Original release date: April 17, 2018 Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply […]

Posted in News, Security, Updates, Vulnerability | Tagged , | Comments Off on Oracle Releases April 2018 Security Bulletin

Russian state-sponsored cyber actors targeting network infrastructure devices

Introduction This joint Technical Alert (TA) or advisory is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). It provides information on the worldwide cyber exploitation of network infrastructure devices (e.g. routers, switches, firewalls, Network-based Intrusion Detection System […]

Posted in News, Security, Update, Vulnerability | Tagged , | Comments Off on Russian state-sponsored cyber actors targeting network infrastructure devices

Russian state-sponsored cyber actors targeting network infrastructure devices

Introduction This joint Technical Alert (TA) or advisory is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). It provides information on the worldwide cyber exploitation of network infrastructure devices (e.g. routers, switches, firewalls, Network-based Intrusion Detection System […]

Posted in News, Security, Update, Vulnerability | Tagged , | Comments Off on Russian state-sponsored cyber actors targeting network infrastructure devices