by Scott Muniz | Oct 29, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
by Scott Muniz | Oct 29, 2021 | Security, Technology
GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.
CISA encourages users and administrators to update to GoCD 21.3.0 or apply the necessary workarounds.
For more information, see Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD.
by Scott Muniz | Oct 28, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Many of us would like to believe a marketer’s claims that an over-the-counter nasal spray can prevent or treat COVID-19. Luckily, the law sets a high standard of proof before a marketer can say its product can prevent, treat, or cure a serious disease. The law requires competent scientific evidence. In its latest case targeting fake COVID-19 cure claims, the FTC says that nasal spray maker Xlear, Inc., broke the law by promoting its saline sprays as effective treatments for COVID-19 without scientific proof.
The FTC says that since at least March 2020, Xlear and its president used deceptive or unsubstantiated claims to promote their nasal sprays on their websites and in YouTube videos, social media posts, and magazine advertorials. For example, the defendants said the sprays would protect against the virus “for up to four hours, helping keep you and others around you safe.” The FTC staff warned the defendants in July 2020 that they were unlawfully advertising their products. According to the complaint, the defendants told the staff they would remove the claims from their websites and other platforms, but continued using them.
The complaint, filed by the Department of Justice on behalf of the FTC, seeks substantial financial penalties and asks the court to bar the defendants from making similar false and unsupported health claims in the future.
Protect yourself — and your wallet — from bogus health products:
- Talk with your doctor or healthcare professional before you try any product claiming to treat, prevent, or cure COVID-19 or any other serious illness.
- Visit CDC.gov and FDA.gov for the most up-to-date information about COVID-19.
- Remember, when there’s a medical breakthrough to treat, prevent, or cure a disease, you’re not going to hear about it first through an ad or sales pitch.
- Know that bad actors post fake reviews and testimonials about their own products. Read How to Evaluate Online Reviews to learn more.
If you spot a bogus health product, please tell us at ReportFraud.ftc.gov.
by Scott Muniz | Oct 28, 2021 | Security, Technology
The National Security Agency (NSA) and CISA have published the first of a four-part series, Security Guidance for 5G Cloud Infrastructures. Security Guidance for 5G Cloud Infrastructures – Part I: Prevent and Detect Lateral Movement provides recommendations for mitigating lateral movement attempts by threat actors who have gained initial access to cloud infrastructures.
This guidance has been created by the Critical Infrastructure Partnership Advisory Council (CIPAC) Cross Sector Enduring Security Framework Working Group—a public-private working group that provides cybersecurity guidance addressing high-priority cyber threats to the nation’s critical infrastructure.
CISA encourages 5G providers, integrators, and network operators to review the guidance and consider the recommendations.
by Scott Muniz | Oct 28, 2021 | Security, Technology
Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisory.
CISA encourages users and administrators to review the Cisco advisory and apply the necessary updates.
by Scott Muniz | Oct 28, 2021 | Security, Technology
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
CISA encourages users and administrators to review the ISC advisory for CVE-2021-25219 and apply the necessary updates or workaround.