Security Updates
Contact us for more information

System Protection

7/17/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

7/16/19:

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary updates.

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.

7/15/19:

Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/10/19:

Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

7/9/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.


Cybersecurity Services:

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training


Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365 / Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint, and Intuit QuickBooks Enterprise.


7/3/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates

7/2/19:

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.

6/27/19:

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

6/26/19:

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

6/21/19:

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. We encourage users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

6/20/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary updates.

6/19/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Oracle Security Alert and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review and apply the necessary updates.

6/18/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.

6/13/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.

Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

6/12/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

6/11/9:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

6/6/19:

VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates.

6/5/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

6/4/19:

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. We encourage users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s “A Reminder to Update Your Systems to Prevent a Worm“, and Microsoft Customer Guidance for CVE-2019-0708.

CISA recommends patching the affected operating systems:

5/30/19:

Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.

5/21/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates.

5/16/19:

Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:

  • In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
  • Out-of-support systems: Windows 2003 and Windows XP

A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.

5/15/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

5/14/19:

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. We encourage users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate WhatsApp version on their smart phones.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

5/13/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

5/7/19:

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

5/1/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

4/30/19:

Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

4/26/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Oracle Security Alert for more information and apply the necessary updates.

4/23/19:

Google has released Chrome version 74.0.3729.108 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

4/17/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XR. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

4/16/19:

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.

4/12/19:

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.

4/9/19:

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:

4/4/19:

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.  We encourage users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates.

3/29/19:

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.

3/28/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

3/27/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/25/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

3/22/19:

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.

3/20/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

3/19/19:

Microsoft Ending Support for Windows 7 – After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free Technical support for any issues, Software updates & Security updates or fixes. Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats. We encourage users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.

3/15/19:

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.

3/13/19:

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encurage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

3/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.

3/7/19:

Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

3/6/19:

Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/1/19:

Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation.

2/27/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

2/21/19:

Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletin APSB19-13 and apply the necessary updates.

2/20/19:

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

2/15/19:

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.

2/14/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.

2/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates.

2/7/19:

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

2/6/19:

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. We encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center’s Vulnerability Note VU#465632 and consider the workarounds until an update is available.

1/29/19:

Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.

1/23/19:

Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

1/22/19:

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletins APSB19-03 and APSB19-09 and apply the necessary updates.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple Security Updates page and apply the necessary updates.

1/15/19:

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

1/9/19:

Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability [cisco-sa-20190109-esa-dos]
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability [cisco-sa-20190109-esa-url-dos]

1/8/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Advisories APSB19-05 and APSB19-04, and apply the necessary updates.

1/4/19:

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates.

1/3/19:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletin APSB19-02 and apply the necessary updates.

12/19/18:

Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Update Guide and the CERT Coordination Center’s Vulnerability Note VU#573168 and apply the necessary updates.

12/12/18:

Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

12/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Microsoft’s December 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.

12/6/18:

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-42 and apply the necessary updates.

12/5/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

12/4/18:

Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

11/28/18:

Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

11/22/18:

VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0030 and apply the necessary updates.

11/20/18:

Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-44 and apply the necessary updates.

11/13/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.

11/7/18:

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

10/31/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/24/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/19/18:

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

10/17/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

10/16/18:

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. We encourage users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. we encourage users and administrators to review the Chrome Releases page and apply the necessary update.

10/12/18:

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.

10/9/18:

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-27, APSB18-37, and APSB18-38 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2018 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition. we encourage users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the necessary workarounds.

10/3/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media platform. We encourage users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefox ESR 60.2.2 and apply the necessary updates.

9/26/18:

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

9/24/18:

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple’s security page for macOS Mojave 10.14 and apply the necessary update.

9/21/18:

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

9/19/18:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.

9/17/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple security pages for the following products and apply the necessary updates:

9/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary update.

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates.

9/6/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/28/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/22/18:

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their “secret” unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.

8/15/18:

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service situation. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos.

8/14/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.

7/24/18:

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

6/13/18:

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.

5/13/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

4/17/18:

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.

4/10/18:

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.

3/21/18:

Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the necessary updates.

1/30/18 – 2/2/18:

The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages. Please refer to the IC3 Alert here.

Mozilla has released a security update to address a vulnerability in Firefox.

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. You can review the Cisco Security Advisory here.

The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams.

1/23/18:

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox 58.

Apple has released security updates to address vulnerabilities in multiple products: Safari 11.0.3, watchOS 4.2.2, iOS 11.2.5, macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, and tvOS 11.2.5.

1/12/18:

VMware Releases Security Updates for Workstation and Fusion.

1/9/18:

Microsoft Releases January 2018 Security Updates for the following software: Internet Explorer, Windows, Office, .NET Framework, SQL Server and more.

12/12/17:

Microsoft has released December updates to address vulnerabilities in Microsoft software.

12/7/17:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.

12/6/17:

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products.

Apple has released security updates to address vulnerabilities in multiple products:

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.

11/29/17:

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57.

11/29/17:

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

11/20/17:

Symantec has released an update to address a vulnerability in the Symantec Management Console.

11/16/17:

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo.

11/15/17:

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

11/14/17:

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Deployment information can be found here.

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The Security Bulletins are: APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41.

11/6/17:

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.