Cyber Security Information Portal
Google Releases Security Updates for Chrome 10/29/2021 10:42 AM EDT Original release date: October 29, 2021 Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild. …
Continue reading “Google Releases Security Updates for Chrome”
GoCD Authentication Vulnerability 10/29/2021 10:05 AM EDT Original release date: October 29, 2021 GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users …
NSA-CISA Series on Securing 5G Cloud Infrastructures 10/28/2021 01:13 PM EDT Original release date: October 28, 2021 The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for …
Continue reading “NSA-CISA Series on Securing 5G Cloud Infrastructures”
ISC Releases Security Advisory for BIND 10/28/2021 12:05 PM EDT Original release date: October 28, 2021 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages …
Cisco Releases Security Updates for Multiple Products 10/28/2021 12:08 PM EDT Original release date: October 28, 2021 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisory CISA …
Continue reading “Cisco Releases Security Updates for Multiple Products”
2021 CWE Most Important Hardware Weaknesses 10/28/2021 10:00 AM EDT Original release date: October 28, 2021 The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses List. The 2021 Hardware List is a compilation …
Continue reading “2021 CWE Most Important Hardware Weaknesses”
FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware 10/27/2021 11:29 AM EDT Original release date: October 27, 2021 The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late …
Continue reading “FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware”
Adobe Releases Security Updates for Multiple Products 10/27/2021 11:14 AM EDT Original release date: October 27, 2021 Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe’s Security Bulletins and …
Continue reading “Adobe Releases Security Updates for Multiple Products”
Apple Releases Security Updates for Multiple Products 10/27/2021 11:10 AM EDT Original release date: October 27, 2021 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for …
Continue reading “Apple Releases Security Updates for Multiple Products”
NOBELIUM Attacks on Cloud Services and other Technologies 10/25/2021 02:44 PM EDT Original release date: October 25, 2021 Microsoft has released a blog on NOBELIUM attacks on cloud services and other technologies. CISA urges users and administrators to review [NOBELIUM targeting delegated administrative privileges to facilitate broader attacks] and apply the necessary mitigations. This product …
Continue reading “NOBELIUM Attacks on Cloud Services and other Technologies”