CISA Updates Alert on Pulse Connect Secure

04/30/2021 10:07 AM EDT. Original release date: April 30, 2021.

CISA has updated Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, originally released April 20. This update adds a new Detection section providing information on Impossible Travel and Transport Layer Security (TLS) Fingerprinting that may be useful in …

Codecov Releases New Detections for Supply Chain Compromise

04/30/2021 11:00 AM EDT. Original release date: April 30, 2021.

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April …

Samba Releases Security Updates

04/30/2021 10:27 AM EDT. Original release date: April 30, 2021.

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security …

ISC Releases Security Advisory for BIND

04/29/2021 11:39 AM EDT. Original release date: April 29, 2021.

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to take control of an affected system. CISA …

Cisco Releases Security Updates for Multiple Products

04/29/2021 11:42 AM EDT. Original release date: April 29, 2021.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories …

CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities

04/29/2021 12:00 PM EDT. Original release date: April 29, 2021.

CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems (RTOS) and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such …

Apple Releases Security Updates

04/27/2021 09:51 AM EDT. Original release date: April 27, 2021.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products …

Google Releases Security Updates for Chrome

04/27/2021 09:50 AM EDT. Original release date: April 27, 2021.

Google has released Chrome version 90.0.4430.93 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and …

CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

04/26/2021 08:07 AM EDT. Original release date: April 26, 2021.

A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor …

Vulnerability Summary for the Week of April 19, 2021

04/26/2021 07:37 AM EDT. Original release date: April 26, 2021.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — robohelp | Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to …