Security Updates

System Protection

8/22/18:

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their “secret” unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.

8/15/18:

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service situation. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos.

8/14/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.

7/24/18:

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

6/13/18:

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.

5/13/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

4/17/18:

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.

4/10/18:

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.

3/21/18:

Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the necessary updates.

1/30/18 – 2/2/18:

The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages. Please refer to the IC3 Alert here.

Mozilla has released a security update to address a vulnerability in Firefox.

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. You can review the Cisco Security Advisory here.

The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams.

1/23/18:

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox 58.

Apple has released security updates to address vulnerabilities in multiple products: Safari 11.0.3, watchOS 4.2.2, iOS 11.2.5, macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, and tvOS 11.2.5.

1/12/18:

VMware Releases Security Updates for Workstation and Fusion.


Learn about Advanced User Security in Microsoft Dynamics NAV 2018 and Intuit QuickBooks Enterprise 2018:

Microsoft Dynamics NAVIntuit QuickBooks Enterprise

1/9/18:

Microsoft Releases January 2018 Security Updates for the following software: Internet Explorer, Windows, Office, .NET Framework, SQL Server and more.

12/12/17:

Microsoft has released December updates to address vulnerabilities in Microsoft software.

12/7/17:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.

12/6/17:

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products.

Apple has released security updates to address vulnerabilities in multiple products:

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training

11/29/17:

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57.

11/29/17:

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

11/20/17:

Symantec has released an update to address a vulnerability in the Symantec Management Console.

11/16/17:

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo.

11/15/17:

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

11/14/17:

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Deployment information can be found here.

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The Security Bulletins are: APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41.

11/6/17:

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.