This article is contributed. See the original author and article here.
The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.
This article is contributed. See the original author and article here.
The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.
CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.
This article was originally posted by the FTC. See the original article here.
Scammers are at it again, pretending to be from a government agency to rip people off. Here’s what you need to know about the latest coronavirus relief fund scam.
You get an email that looks to be from Joe Simons of the Federal Trade Commission. It says you’re getting coronavirus relief money. The email includes a fake certificate to make you think the money is real.
If you reply, they say you have to pay taxes before you get your money. They may include a fake letter from the IRS, like this one, to convince you.
If you pay, they say you must pay the State Department for a certificate that proves the funds are not related to any terrorist activity and the money is cleared for you to receive. (Yes, really!)
Finally, if you pay that, they send you a fake remittance order showing that the money is on the way to your bank account.
As you might have suspected by now, the money never shows up. That’s because every step of the way was carried out by scammers looking to steal your money. So, what can you do to protect yourself against imposters when their stories keep changing?
Be suspicious of any call, email, text, or letter from a government agency asking for money or information. Government agencies don’t call you with threats or promises of – or demands for – money. Scammers do.
Don’t trust caller ID – it can be faked. Even if it might look like a real call from a real government agency, don’t trust it.
Never pay with a gift card or wire transfer. If someone tells you to pay this way, it’s a scam.
Check with the real agency. Look up their number. Call them to find out if they’re trying to reach you – and why.
If you look up Joe Simons, you’ll see that he is the Chairman of the FTC. But Joe didn’t email you. Scammers pretending to be Joe did.
Here’s another sign this is a scam: The FTC is not involved in distributing coronavirus economic stimulus money in any way. Economic stimulus payments come from the IRS. The IRS won’t contact you by phone, email, text message, or social media with information about any payments related to the coronavirus pandemic, or to ask you for personal or financial information. Check out irs.gov/coronavirus for the latest info about coronavirus relief payments.
If you get an email that says you’re getting some money, don’t reply, period. And definitely don’t give them your bank account or other financial information. Report it to the FTC at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
Original release date: January 14, 2021
Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.
CISA encourages users and administrators to review Microsoft Advisory for CVE-2021-1647 and apply the necessary updates.
This article is contributed. See the original author and article here.
Original release date: January 14, 2021
Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:
Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Command Injection Vulnerabilities cisco-sa-rv-command-inject-LBdQ2KRN
Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities cisco-sa-rv-overflow-WUnUgv4U
This article is contributed. See the original author and article here.
Original release date: January 14, 2021
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system.
CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.
DrWare.com uses cookies to provide you the best possible experience. Use of this site means you understand and accept our cookie policy. Find out more.
Recent Comments