🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
17 NovPublicly Available Tools Seen in Cyber Incidents WorldwideSummary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly available tools, which have been used fo…CISA.GOV
17 NovMicrosoft Operating Systems BlueKeep VulnerabilitySummary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as we…CISA.GOV
17 NovDridex MalwareSummary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial s…CISA.GOV
17 NovContinued Exploitation of Pulse Secure VPN VulnerabilitySummary Unpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading vulnerability, known as CVE-2019-11510, can become compromised in an attack.[ 1 ] …CISA.GOV
17 NovCritical Vulnerabilities in Microsoft Windows Operating SystemsSummary New vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its expo…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 5[−]
17 NovSamSam RansomwareSummary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Sa…CISA.GOV
17 NovDNS Infrastructure Hijacking CampaignSummary The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can m…CISA.GOV
17 NovNew Exploits for Unsecure SAP SystemsSummary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [ 1 ] Technical Details A presentation at the April 2019 Operation for Community De…CISA.GOV
17 NovMicrosoft Ending Support for Windows 7 and Windows Server 2008 R2Summary Note : This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See Microsoft’s article, Extending free Windows 7 security updates to voting syst…CISA.GOV
17 NovPotential for Iranian Cyber Response to U.S. Military Strike in BaghdadSummary The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Repub…CISA.GOV