Info collector

NCCIC Awareness Briefing on Chinese Malicious Cyber Activity

By on January 30, 2019 in Recent Vulnerabilities

Original release date: January 30, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below: Wednesday, February 6 Friday, February 22 CISA encourages MSPs and their […]

Continue Reading »

MS-ISAC Releases Advisory on DNS Flag Day

By on January 30, 2019 in Recent Vulnerabilities

Original release date: January 30, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms […]

Continue Reading »

Mozilla Releases Security Update for Thunderbird

By on January 30, 2019 in Recent Vulnerabilities

Original release date: January 30, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review […]

Continue Reading »

CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

By on January 28, 2019 in Recent Vulnerabilities

Original release date: January 28, 2019 The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security […]

Continue Reading »

SB19-028: Vulnerability Summary for the Week of January 21, 2019

By on January 28, 2019 in Recent Vulnerabilities

Original release date: January 28, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center […]

Continue Reading »

CISA Releases Blog on Emergency Directive

By on January 24, 2019 in Recent Vulnerabilities

Original release date: January 24, 2019 The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs, has released a blog, titled “Why CISA Issued Our First Emergency Directive,” to explain considerations in issuing Emergency Directive 19-01 on January 22, 2019. The directive requires Federal civilian agencies to take a […]

Continue Reading »

AA19-024A: DNS Infrastructure Hijacking Campaign

By on January 24, 2019 in Recent Vulnerabilities

Original release date: January 24, 2019 Summary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables […]

Continue Reading »

Tax Identity Theft Awareness Week

By on January 24, 2019 in Recent Vulnerabilities

Original release date: January 24, 2019 Tax Identity Theft Awareness Week is January 28 to February 1. This annual campaign aims to help consumers be more informed about protecting themselves from tax-related identity theft and scams. Tax-related identity theft occurs when someone steals a Social Security number and uses it to claim a tax refund […]

Continue Reading »

CISA Emergency Directive on DNS Infrastructure Tampering

By on January 22, 2019 in Recent Vulnerabilities

Original release date: January 22, 2019 The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing incidents associated with global Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified […]

Continue Reading »

SB19-021: Vulnerability Summary for the Week of January 14, 2019

By on January 22, 2019 in Recent Vulnerabilities

Original release date: January 21, 2019 | Last revised: January 22, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) […]

Continue Reading »

Top
All of these posts originated on blog.dynamoo.com, us-cert.gov and malwaredomainlist.com and are automatically reposted on colors.cbnetsecurity.com.X