Info collector

Recent Vulnerabilities

ST18-001: Securing Network Infrastructure Devices

By on June 21, 2018 in Recent Vulnerabilities

Original release date: June 21, 2018 Network infrastructure devices are ideal targets for malicious cyber actors. Most or all organizational and customer traffic must traverse these critical devices. An attacker with presence on an organization’s gateway router can monitor, modify, and deny traffic to and from the organization. An attacker with presence on an organization’s […]

Continue Reading »

MS-ISAC Releases Advisory on PHP Vulnerabilities

By on April 27, 2018 in Recent Vulnerabilities

Original release date: April 27, 2018 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC Advisory  2018-046 and the PHP Downloads page and […]

Continue Reading »

Drupal Releases Critical Security Updates

By on April 26, 2018 in Recent Vulnerabilities

Original release date: April 25, 2018 Drupal has released critical updates addressing a vulnerability in Drupal 8.x and 7.x. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates. This product is provided subject to this Notification […]

Continue Reading »

ST17-001: Securing the Internet of Things

By on November 16, 2017 in Recent Vulnerabilities

Original release date: November 16, 2017 The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to […]

Continue Reading »

FCC Promotes Best Practices for SS7 Communications

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 24, 2017 The Federal Communications Commission (FCC) has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC. These best practices help prevent exploitation of Signaling System 7 (SS7) network […]

Continue Reading »

DNSSEC Key Signing Key Rollover

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol.  DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which […]

Continue Reading »

Mozilla Releases Security Update

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update. This product […]

Continue Reading »

SB17-233: Vulnerability Summary for the Week of August 14, 2017

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center […]

Continue Reading »

Drupal Releases Security Updates

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 16, 2017 Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information. US-CERT encourages users and administrators to review Drupal’s Security Advisory and upgrade to version 8.3.7. This product is provided subject to this […]

Continue Reading »

DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

By on August 1, 2017 in Recent Vulnerabilities

Original release date: August 01, 2017 The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program. US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a Vulnerability Disclosure Program for Online Systems. This product is provided […]

Continue Reading »

Top