Apache Releases HTTP Server version 2.4.51 to Address Vulnerabilities Under Exploitation

This article is contributed. See the original author and article here.

On October 7, 2021, the Apache Software Foundation released Apache HTTP Server version 2.4.51 to address Path Traversal and Remote Code Execution vulnerabilities (CVE-2021-41773, CVE-2021-42013) in Apache HTTP Server 2.4.49 and 2.4.50. These vulnerabilities have been exploited in the wild. 

CISA is also seeing ongoing scanning of vulnerable systems, which is expected to accelerate, likely leading to exploitation. CISA urges organizations to patch immediately if they haven’t already—this cannot wait until after the holiday weekend.

Cisco Releases Security Updates for Multiple Products


CISA Releases Guidance: TIC 3.0 Remote User Use Case

In coordination with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote User Use Case provides federal agencies with guidance on applying network and multi-boundary security for agencies that permit remote users on their networks. In accordance with OMB Memorandum M-19-26, this use case builds off TIC 3.0 Interim Telework Guidance originally released in Spring 2020.

The TIC 3.0 Remote User Use Case considers additional security patterns agencies may face with remote users and includes four new security capabilities:

  • User Awareness and Training,
  • Domain Name Monitoring,
  • Application Container, and
  • Remote Desktop Access.

In conjunction with the Remote User Use Case, CISA has also released Response to Comments on TIC 3.0 Remote User Use Case and the Pilot Process Handbook. These additional documents provide feedback on the Remote User Use Case and describe the process by which agencies should conduct TIC 3.0 pilots.

CISA encourages all federal government agencies and organizations to review the TIC 3.0 Remote User Use Case and visit the CISA TIC page for updates and additional information on the TIC program.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Mozilla security advisories for Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2.

Apache Releases Security Update for Apache HTTP Server

The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to address two vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected system. One vulnerability, CVE-2021-41773, has been exploited in the wild.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4.50 vulnerabilities page and apply the necessary update.
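Both Apache notices above come down to one administrative check: is the running httpd one of the two affected releases (2.4.49 or 2.4.50), or the fixed 2.4.51? The following script is an added example, not code from CISA or the Apache project. It parses the first line that `httpd -v` (or `apache2 -v` on Debian-derived systems) prints, classifies the version against the releases named in the two notices, and can run that check against the local binary; the sample `httpd -v` outputs embedded in it are constructed for the demonstration.

```python
import re
import subprocess
from typing import Optional, Tuple

# Releases named in the CISA notices above: 2.4.49 and 2.4.50 carry
# CVE-2021-41773 / CVE-2021-42013; 2.4.51 is the release that fixes them.
AFFECTED_VERSIONS = {(2, 4, 49), (2, 4, 50)}
FIXED_VERSION = (2, 4, 51)

# First line printed by `httpd -v` / `apache2 -v`, for example:
#   Server version: Apache/2.4.49 (Unix)
_VERSION_RE = re.compile(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)")


def parse_httpd_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `httpd -v` output, or None if absent."""
    match = _VERSION_RE.search(output)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(version: Optional[Tuple[int, int, int]]) -> str:
    """Classify a version relative to the two CVEs from the notices.

    Returns one of: "vulnerable", "fixed", "unaffected", "unknown".
    "unaffected" means older than 2.4.49, i.e. not in scope of these two
    CVEs; such builds may still carry other advisories' issues.
    """
    if version is None:
        return "unknown"
    if version in AFFECTED_VERSIONS:
        return "vulnerable"
    if version >= FIXED_VERSION:
        return "fixed"
    return "unaffected"


def assess_output(output: str) -> str:
    """Convenience wrapper: classify raw `httpd -v` text directly."""
    return assess(parse_httpd_version(output))


def check_local_httpd() -> str:
    """Run the installed server binary with -v and classify it.

    Tries the common binary names in turn; if none is installed the result
    is "unknown" rather than an exception, so the check can run anywhere.
    """
    for binary in ("httpd", "apache2"):
        try:
            proc = subprocess.run(
                [binary, "-v"], capture_output=True, text=True, timeout=10
            )
        except (FileNotFoundError, subprocess.TimeoutExpired):
            continue
        return assess_output(proc.stdout)
    return "unknown"


# Constructed sample outputs (not captured from real hosts) for demonstration.
SAMPLE_OUTPUTS = {
    "host-a": "Server version: Apache/2.4.49 (Unix)\nServer built:   (constructed)\n",
    "host-b": "Server version: Apache/2.4.51 (Unix)\nServer built:   (constructed)\n",
    "host-c": "Server version: Apache/2.4.46 (Debian)\nServer built:   (constructed)\n",
    "host-d": "command not found\n",
}


if __name__ == "__main__":
    for host, output in SAMPLE_OUTPUTS.items():
        print(f"{host}: {assess_output(output)}")
    print(f"local: {check_local_httpd()}")
```

Running the file prints one classification per sample host and then the result for the local machine. The version-tuple comparison deliberately treats anything at or above 2.4.51 as fixed, so later 2.4.x releases are not flagged; only the two releases the notices name are reported as vulnerable.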

For-profit colleges on notice

This article was originally posted by the FTC. See the original article here.

For-profit colleges sometimes use overblown — or flat-out false — promises to attract new students and their money. The FTC is ramping up its efforts to stop shady practices on campus. The Commission is sending a Notice of Penalty Offenses to the largest 70 for-profits, warning them that the FTC will not stand for unfair or deceptive practices.

Why the heads-up? Under federal law, the FTC may put companies on notice that some practices have been found to be unfair or deceptive in administrative cases with final cease and desist orders, other than consent orders. If a company knows about (the law says has “actual knowledge” about) the orders and uses those same deceptive marketing tactics, the FTC can sue the company in federal court for civil penalties. The Notice outlines those prohibited practices: claims about the career or earning prospects of their graduates, the percentage of graduates that get jobs in their chosen field, whether the school can help a graduate get a job, and more. These are just the kinds of information a student would want to know before committing to a program — and it’s exactly how some for-profit schools market their programs.

The FTC has been going after false and misleading claims in education for nearly a century, but fraud in this sector persists. Most recently, the University of Phoenix agreed to a $191 million judgment to settle the FTC’s charges that, to attract students, it used deceptive ads that falsely touted its relationships with and job opportunities at companies such as AT&T, Yahoo!, Microsoft, Twitter, and The American Red Cross. In another matter, DeVry University paid $100 million to settle the FTC’s charges that the for-profit misrepresented the employment and salary prospects of its graduates. Additionally, the Commission has published a guide for vocational schools describing practices that the agency determined are deceptive.

Servicemembers and student veterans are often the targets of schools’ deceptive marketing. For-profit schools have had a strong incentive to enroll veterans because of the education benefits servicemembers can use to pay for college. This has led to aggressive targeting of servicemembers, veterans, and their families. For example, the FTC’s case against Career Education Corporation (“CEC”) charged it with recruiting prospective students using marketers who falsely claimed to be affiliated with the U.S. military, tricking students who were looking to serve their country.

There are tools to help veterans, servicemembers, and all kinds of students navigate the education marketplace and blow the whistle on bad actors. If you have a federal student loan and feel like a school misled you or broke the law, apply for loan forgiveness through the Department of Education’s (ED’s) Borrower Defense to Repayment procedures. If you’re getting started (or re-started), ED’s Opportunity Centers are designed to help prospective students (including people of modest means, first-generation college students, and veterans) apply for admission to college and arrange for financial aid and loans. Find one near you.

Servicemembers: talk with your Personal Financial Manager to get hands-on help with your next steps. And vets can call the VA’s GI Bill Hotline to discuss questions about education benefits: 1-888-GIBILL (1-888-442-4551), or visit the VA site to learn more. Before enrolling, you can find out important information about any school — including whether it’s a for-profit school — at the U.S. Department of Education’s sites, College Scorecard or College Navigator. The FTC’s Military Consumer site also has helpful advice on finding and paying for school.
