This article is contributed. See the original author and article here.
Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome release and apply the necessary changes.
This article is contributed. See the original author and article here.
Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates or workarounds.
This article is contributed. See the original author and article here.
Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System (DNS) implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Internet of Things (IoT), operational technology (OT), and information technology (IT) devices. A remote attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Forescout Research Labs and JSOF Research Labs report NAME:WRECK Breaking and Fixing DNS Implementations and Forescout NAME:WRECK web page for more information, including recommended mitigations.
This article is contributed. See the original author and article here.
Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities. APT groups often use elaborate social engineering and spear phishing schemes to trick victims into running malicious code through malicious links and websites.
CISA recommends cybersecurity practitioners to guard against this specific APT activity and review the following reports for more information:
Additionally, CISA strongly encourages cybersecurity practitioners use sandbox environments that are isolated from trusted systems or networks when examining untrusted code or websites.
This article is contributed. See the original author and article here.
Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome release and apply the necessary changes.
This article is contributed. See the original author and article here.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary updates.
Recent Comments