Info collector

Microsoft Releases November 2018 Security Updates

By on November 13, 2018 in Recent Vulnerabilities

Original release date: November 13, 2018 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s November 2018 Security Update Summary and Deployment Information and apply the necessary updates. This […]

Continue Reading »

SB18-316: Vulnerability Summary for the Week of November 5, 2018

By on November 12, 2018 in Recent Vulnerabilities

Original release date: November 12, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center […]

Continue Reading »

NCCIC Releases Analysis Report on JexBoss

By on November 8, 2018 in Recent Vulnerabilities

Original release date: November 08, 2018 NCCIC has released Analysis Report (AR) AR18-312A: JexBoss – JBoss Verify and EXploitation Tool. Cyber threat actors use JexBoss to remotely access victims’ systems. The report provides information on JexBoss’ capabilities, as well as suggestions for detection and mitigation. NCCIC encourages users and administrators to review AR18-312A for more […]

Continue Reading »

AR18-312A: JexBoss – JBoss Verify and EXploitation Tool

AR18-312A: JexBoss – JBoss Verify and EXploitation Tool

By on November 8, 2018 in Recent Vulnerabilities

Original release date: November 08, 2018 Summary JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as “red teams”) and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server (JBoss AS)—now WildFly—and a variety […]

Continue Reading »

Self-Encrypting Solid-State Drive Vulnerabilities

By on November 6, 2018 in Recent Vulnerabilities

Original release date: November 06, 2018 NCCIC is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting solid-state drives. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Microsoft’s Security Advisory ADV180028 and Samsung’s Customer Notice regarding Samsung SSDs for more information […]

Continue Reading »

Apache Releases Security Advisory for Apache Struts

By on November 5, 2018 in Recent Vulnerabilities

Original release date: November 05, 2018 The Apache Software Foundation has released an advisory to address a vulnerable commons-fileupload library used in Apache Struts versions 2.3.36 and prior. A remote attacker could exploit this vulnerability to take control of an affected system. Struts versions from 2.5.12 are not affected. NCCIC encourages users and administrators of […]

Continue Reading »

SB18-309: Vulnerability Summary for the Week of October 29, 2018

By on November 5, 2018 in Recent Vulnerabilities

Original release date: November 05, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center […]

Continue Reading »

Cisco Releases Security Advisory

By on November 1, 2018 in Recent Vulnerabilities

Original release date: November 01, 2018 Cisco has released a security advisory to address a vulnerability affecting Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC encourages users and administrators to review the Cisco Security Advisory and the CERT Coordination […]

Continue Reading »

ST18-006: Website Security

By on November 1, 2018 in Recent Vulnerabilities

Original release date: November 01, 2018 What is website security? Website security refers to the protection of personal and organizational public-facing websites from cyberattacks. Why should I care about website security? Cyberattacks against public-facing websites—regardless of size—are common. An attack to your website could Cause defacement, Cause a denial-of-service (DoS) condition, Enable the attacker to […]

Continue Reading »

November is National Critical Infrastructure Security and Resilience Month

By on November 1, 2018 in Recent Vulnerabilities

Original release date: November 01, 2018 November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security […]

Continue Reading »

Top
All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.X