Security Updates
Contact us for more information

System Protection

12/10/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s December 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges. We encourage users and administrators to review the following Intel advisories and apply the necessary updates and recommended mitigations:

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.


Cybersecurity Services:

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training


Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365 / Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint & Intuit QuickBooks Enterprise.


12/6/19:

VMware has released security updates to address a vulnerability in ESXi and Horizon DaaS. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0022 and apply the necessary updates and workarounds.

12/5/19:

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories ADV190026 and ADV170012 and apply the recommended mitigations.

12/4/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 71 and Firefox ESR 68.3.

11/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2019 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0020 and VMSA-2019-0021 and apply the necessary updates.

10/31/19:

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities (CVE-2019-13720) was detected in exploits in the wild. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/30/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

10/23/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages user and administrators to review the Mozilla Security Advisories for Firefox 70 and Firefox ESR 68.2.

Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/17/19:

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

10/16/19:

VMware has released a security update to address a vulnerability affecting Harbor Container Registry for Pivotal Cloud Foundry (PCF). An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0016 and apply the necessary update.

10/15/19:

WordPress 5.2.3 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. We encourage users and administrators to review the WordPress Security Release and upgrade to WordPress 5.2.4.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Oracle has released its Critical Patch Update for October 2019 to address 219 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2019 Critical Patch Update and apply the necessary updates.

10/11/19:

Google has released Chrome version 77.0.3865.120 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

10/9/19:

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:

10/8/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2019 Security Update Summary and Deployment Information and apply the necessary updates.

10/3/19:

Cisco has released security updates to address vulnerabilities affecting multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Event Response page and apply the necessary updates.

Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. We encourage users and administrators to review Microsoft Security Advisory for CVE-2019-1367 and apply the necessary updates.

9/27/19:

Apple has released security updates to address a vulnerability in multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

9/25/19:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Apple’s security updates page and apply the necessary updates for the following products: iOS 13.1 and iPadOS 13.1, Safari 13.0.1 & tvOS 13.

VMware has released security updates to address vulnerabilities in Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0015 and apply the necessary updates and workarounds.

Adobe has released security updates to address vulnerabilities in ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB19-47 and apply the necessary updates.

9/23/19:

Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft Security Advisories for CVE-2019-1367, CVE-2019-1255, and Microsoft’s Cumulative security update for Internet Explorer and apply the necessary updates.

9/20/19:

VMware has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0014 and apply the necessary updates.

 


Cybersecurity Services:

Threat Assessment      Vulnerability Management     Detection & Defense     Incident Response     Compliance     Cybersecurity Training


Learn about Advanced Cybersecurity in Business Systems such as Microsoft Dynamics 365 / Dynamics NAV, Azure Cloud, Dynamics CRM, Office 365 / SharePoint & Intuit QuickBooks Enterprise.


 

 

9/19/19:

Google has released Chrome 77.0.3865.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

9/10/19:

Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review Intel’s Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. We encourage users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. We encourage users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.

9/6/19:

WordPress Releases Security Update. WordPress 5.2.2 and prior versions are affected by multiple vulnerabilities. We encourage users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.2.3.

9/5/19:

Cisco has released security updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

9/4/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9.

8/29/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

8/27/19:

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

Google has released Chrome version 76.0.3809.132 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourages users and administrators to review the Chrome Release page and apply the necessary updates.

8/22/19:

Cisco has released security updates to address vulnerabilities in Cisco Integrated Management Controller (IMC) Supervisor, Unified Computing System (UCS) Director, and UCS Director Express for Big Data. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

8/14/19:

Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems:

  • Windows 7 SP1; Windows Server 2008 R2 SP1; Windows Server 2012; Windows 8.1; Windows Server 2012 R2 & Windows 10

An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems. We encourage users and users and administrators to review the following resources and apply the necessary updates:

8/13/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourage users and administrators to review the following Intel advisories and apply the necessary updates:

8/8/19:

Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

8/3/19:

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0012 and apply the necessary updates and workarounds.

8/1/19:

Cisco has released security updates to address a vulnerability in Cisco Nexus 9000 Series Fabric Switches. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

7/31/19:

Google has released Chrome version 76.0.3809.87 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/22/19:

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

7/17/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

7/16/19:

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary updates.

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.

7/15/19:

Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

7/10/19:

Cisco has released security updates to address a vulnerability in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Juniper Networks has released security updates to address multiple vulnerabilities in various products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

7/9/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. We encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.

7/3/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates

7/2/19:

VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply mitigations or patches, when available.

6/27/19:

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

6/26/19:

Cisco has released security updates to address vulnerabilities in Cisco Data Center Network Manager (DCNM). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following advisories and apply the necessary updates:

6/21/19:

Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information. We encourage users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update.

6/20/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates.

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary updates.

6/19/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Oracle Security Alert and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review and apply the necessary updates.

6/18/19:

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates.

6/13/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.

Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

6/12/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

6/11/9:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

6/6/19:

VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates.

6/5/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco advisories and apply the necessary updates:

6/4/19:

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable. We encourage users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s “A Reminder to Update Your Systems to Prevent a Worm“, and Microsoft Customer Guidance for CVE-2019-0708.

CISA recommends patching the affected operating systems:

5/30/19:

Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.

5/21/19:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates.

5/16/19:

Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:

  • In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
  • Out-of-support systems: Windows 2003 and Windows XP

A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.

5/15/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

5/14/19:

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. We encourage users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate WhatsApp version on their smart phones.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

5/13/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

5/7/19:

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

5/1/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

4/30/19:

Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary updates.

4/26/19:

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Oracle Security Alert for more information and apply the necessary updates.

4/23/19:

Google has released Chrome version 74.0.3729.108 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Release and apply the necessary update.

4/17/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XR. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

4/16/19:

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.

4/12/19:

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.

4/9/19:

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:

4/4/19:

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.  We encourage users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary updates.

3/29/19:

VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the VMware Security Advisories VMSA-2019-0004 and VMSA-2019-0005 and apply the necessary updates.

3/28/19:

Cisco has released a security update to address a vulnerability in Cisco IOS XE. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

3/27/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/25/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

3/22/19:

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.

3/20/19:

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

3/19/19:

Microsoft Ending Support for Windows 7 – After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free Technical support for any issues, Software updates & Security updates or fixes. Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats. We encourage users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.We encourage users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.

3/15/19:

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.

3/13/19:

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encurage users and administrators to review the Chrome Release and apply the necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

3/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.

3/7/19:

Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review the Google Chrome blog entry and apply the necessary updates.

3/6/19:

Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and apply the necessary updates.

3/1/19:

Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. We encourage users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation.

2/27/19:

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Advisories and apply the necessary updates:

2/21/19:

Adobe has released security updates to address a vulnerability in Adobe Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletin APSB19-13 and apply the necessary updates.

2/20/19:

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary updates.

2/15/19:

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.

2/14/19:

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.

2/12/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s February 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates.

2/7/19:

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

2/6/19:

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. We encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center’s Vulnerability Note VU#465632 and consider the workarounds until an update is available.

1/29/19:

Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.

1/23/19:

Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

1/22/19:

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. An attacker could exploit these vulnerabilities to obtain sensitive information. We encourage users and administrators to review Adobe Security Bulletins APSB19-03 and APSB19-09 and apply the necessary updates.

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple Security Updates page and apply the necessary updates.

1/15/19:

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

1/9/19:

Cisco has released security updates to address vulnerabilities in Cisco AsyncOS Software for Cisco Email Security Appliance. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability [cisco-sa-20190109-esa-dos]
Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability [cisco-sa-20190109-esa-url-dos]

1/8/19:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s January 2019 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Connect and Adobe Digital Editions. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Advisories APSB19-05 and APSB19-04, and apply the necessary updates.

1/4/19:

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates.

1/3/19:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Adobe Security Bulletin APSB19-02 and apply the necessary updates.

12/19/18:

Microsoft has released security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Update Guide and the CERT Coordination Center’s Vulnerability Note VU#573168 and apply the necessary updates.

12/12/18:

Google has released Chrome Version 71.0.3578.98 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

12/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review Microsoft’s December 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisories for Firefox 64 and Firefox ESR 60.4 and apply the necessary updates.

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-41 and apply the necessary updates.

12/6/18:

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Flash Player installer. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-42 and apply the necessary updates.

12/5/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Apple security pages for the following products and apply the necessary updates:

12/4/18:

Google has released Chrome version 71.0.3578.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary updates.

11/28/18:

Cisco has released a security update to address a vulnerability in Cisco Prime License Manager. A remote attacker could exploit this vulnerability to obtain sensitive information. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

11/22/18:

VMware has released security updates to address a vulnerability in Workstation and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0030 and apply the necessary updates.

11/20/18:

Adobe has released security updates to address a vulnerability in Adobe Flash Player. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB18-44 and apply the necessary updates.

11/13/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates.

11/7/18:

Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

10/31/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/24/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

10/19/18:

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Microsoft Security Advisory and apply the necessary update.

10/17/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

10/16/18:

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details. We encourage users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. we encourage users and administrators to review the Chrome Releases page and apply the necessary update.

10/12/18:

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.

10/9/18:

Adobe has released security updates to address vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite. An attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-27, APSB18-37, and APSB18-38 and apply the necessary updates.

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s October 2018 Security Update Summary and Deployment Information and apply the necessary updates.

VMware has released a security advisory to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to cause a denial-of-service condition. we encourage users and administrators to review VMware Security Advisory VMSA-2018-0025 and apply the necessary workarounds.

10/3/18:

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

The Federal Trade Commission (FTC) has released an alert to provide Facebook users with recommended precautions against identity theft after the recent breach of the Facebook social media platform. We encourage users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Mozilla Security Advisory for Firefox 62.0.3 and Firefox ESR 60.2.2 and apply the necessary updates.

9/26/18:

Cisco has released several updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

9/24/18:

Apple has released a security update to address multiple vulnerabilities in macOS Mojave 10.14. An attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple’s security page for macOS Mojave 10.14 and apply the necessary update.

9/21/18:

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. We encourage users and administrators to review the Cisco Security Advisory and apply the necessary update.

9/19/18:

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.

9/17/18:

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Apple security pages for the following products and apply the necessary updates:

9/11/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Microsoft’s September 2018 Security Update Summary and Deployment Information and apply the necessary updates.

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system. We encourage users and administrators to review the Chrome Releases page and apply the necessary update.

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system. We encourage users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates.

9/6/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/28/18:

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information. We encourage users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

8/22/18:

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their “secret” unless they send a payment in Bitcoin. NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information.

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.

8/15/18:

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit these vulnerabilities to cause a denial-of-service situation. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Web Security Appliance Web Proxy Memory Exhaustion Denial-of-Service Vulnerability cisco-sa-20180815-wsa-dos; Unified Communications Manager IM & Presence Service Denial-of-Service Vulnerability cisco-sa-20180815-ucmimps-dos.

8/14/18:

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s August 2018 Security Update Summary and Deployment Information and apply the necessary updates.

7/24/18:

Google has released Chrome version 68.0.3440.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

6/13/18:

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.

5/13/18:

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

4/17/18:

Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.

4/10/18:

Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.

3/21/18:

Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the necessary updates.

1/30/18 – 2/2/18:

The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages. Please refer to the IC3 Alert here.

Mozilla has released a security update to address a vulnerability in Firefox.

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. You can review the Cisco Security Advisory here.

The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams.

1/23/18:

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox 58.

Apple has released security updates to address vulnerabilities in multiple products: Safari 11.0.3, watchOS 4.2.2, iOS 11.2.5, macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, and tvOS 11.2.5.

1/12/18:

VMware Releases Security Updates for Workstation and Fusion.

1/9/18:

Microsoft Releases January 2018 Security Updates for the following software: Internet Explorer, Windows, Office, .NET Framework, SQL Server and more.

12/12/17:

Microsoft has released December updates to address vulnerabilities in Microsoft software.

12/7/17:

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR.

12/6/17:

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products.

Apple has released security updates to address vulnerabilities in multiple products:

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux.

11/29/17:

Mozilla has released a security update to address multiple vulnerabilities in Firefox 57.

11/29/17:

Cisco has released security updates to address vulnerabilities in its WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files.

11/20/17:

Symantec has released an update to address a vulnerability in the Symantec Management Console.

11/16/17:

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo.

11/15/17:

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

11/14/17:

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Deployment information can be found here.

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. The Security Bulletins are: APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41.

11/6/17:

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.