Info collector

Recent Vulnerabilities

ST17-001: Securing the Internet of Things

By on November 16, 2017 in Recent Vulnerabilities

Original release date: November 16, 2017 The Internet of Things refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to […]

Continue Reading »

FCC Promotes Best Practices for SS7 Communications

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 24, 2017 The Federal Communications Commission (FCC) has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC. These best practices help prevent exploitation of Signaling System 7 (SS7) network […]

Continue Reading »

DNSSEC Key Signing Key Rollover

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol.  DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which […]

Continue Reading »

Mozilla Releases Security Update

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update. This product […]

Continue Reading »

SB17-233: Vulnerability Summary for the Week of August 14, 2017

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 21, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center […]

Continue Reading »

Drupal Releases Security Updates

By on August 27, 2017 in Recent Vulnerabilities

Original release date: August 16, 2017 Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information. US-CERT encourages users and administrators to review Drupal’s Security Advisory and upgrade to version 8.3.7. This product is provided subject to this […]

Continue Reading »

DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

By on August 1, 2017 in Recent Vulnerabilities

Original release date: August 01, 2017 The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program. US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a Vulnerability Disclosure Program for Online Systems. This product is provided […]

Continue Reading »

Internet Information Services (IIS) 6.0 Vulnerability

By on April 3, 2017 in Recent Vulnerabilities

Original release date: March 30, 2017 US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.  On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which […]

Continue Reading »

Google Releases Security Updates for Chrome

By on April 3, 2017 in Recent Vulnerabilities

Original release date: March 30, 2017 Google has released Chrome version 57.0.2987.133 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided […]

Continue Reading »

Apple Releases Security Update for iTunes

By on March 26, 2017 in Recent Vulnerabilities

Original release date: March 24, 2017 Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review information on iTunes 12.6 and apply the necessary update. This product is provided […]

Continue Reading »

Top