NSA Releases Guidance on Securing Wireless Devices While in Public

07/30/2021 07:02 AM EDT. Original release date: July 30, 2021

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public for National Security System, Department of Defense, and Defense Industrial Base teleworkers, as well as the …

CISA Announces Vulnerability Disclosure Policy (VDP) Platform

07/30/2021 07:04 AM EDT. Original release date: July 30, 2021

CISA has announced the establishment of its Vulnerability Disclosure Policy (VDP) Platform for the federal civilian enterprise, which will allow the Federal Civilian Executive Branch to coordinate with the civilian security research community in a streamlined fashion. The …

Top Routinely Exploited Vulnerabilities

07/28/2021 08:00 AM EDT. Original release date: July 28, 2021

CISA, the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have released the Joint Cybersecurity Advisory Top Routinely Exploited Vulnerabilities, which details the top vulnerabilities routinely exploited by …

CISA Releases Security Advisory for Geutebruck Devices

07/27/2021 12:05 PM EDT. Original release date: July 27, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in multiple Geutebruck G-CAM E2 series devices and Encoder G-Code versions. A remote attacker could exploit some of these vulnerabilities to take control of an affected …

Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

07/27/2021 07:03 AM EDT. Original release date: July 27, 2021

On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address an NTLM relay attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations. …

Apple Releases Security Updates

07/27/2021 07:05 AM EDT. Original release date: July 27, 2021

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review the security update page for the following products and …

Vulnerability Summary for the Week of July 19, 2021

07/26/2021 06:44 AM EDT. Original release date: July 26, 2021

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
dlink — dir-3040_firmware | A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network …

Drupal Releases Security Updates

07/22/2021 10:00 AM EDT. Original release date: July 22, 2021

Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7, 8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the …

Cisco Releases Security Updates

07/22/2021 10:01 AM EDT. Original release date: July 22, 2021

Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages users and …

2021 CWE Top 25 Most Dangerous Software Weaknesses

07/21/2021 01:07 PM EDT. Original release date: July 21, 2021

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses …