Feed aggregator

Intel Firmware Vulnerability

Nov 21, 2017

Original release date: November 21, 2017 Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.Intel Security Advisory INTEL-SA-00086Support ArticleDetection Tool  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Symantec Releases Security Update

Nov 21, 2017

Original release date: November 21, 2017 Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

You Are a Target

Nov 20, 2017

You may not realize it, but you are a target. Your computer, your work and personal accounts and your information are all highly valuable to cyber criminals. Be mindful that bad guys are out to get you.

Continue Reading ›

Windows ASLR Vulnerability

Nov 20, 2017

Original release date: November 20, 2017 The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Holiday Scams and Malware Campaigns

Nov 16, 2017

Original release date: November 16, 2017 US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:Avoid following unsolicited links or downloading attachments from unknown sources.Refer to our Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.Read the Federal Trade Commission's blog: Holiday Shopping Tips from the FTC.Visit the Federal Trade Commission's Consumer Information page on Charity Scams.If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:File a complaint with the FBI's Internet Crime Complaint Center (IC3).Report the attack to the police and file a report with the Federal Trade Commission.Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Oracle Releases Security Alert

Nov 16, 2017

Original release date: November 16, 2017 Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Don't Login on Untrusted Computers

Nov 15, 2017

A password is only as secure as the computer or network it is used on. As such, never log in to a sensitive account from a public computer, such as computers in a cyber cafe, hotel lobby or conference hall. Bad guys target public computers such as these and infect them on purpose. The moment you type your password on an infected computer, these cyber criminals can harvest your passwords. If you have no choice but to use a public computer, change your password at the next available opportunity you have access to a trusted computer.

Continue Reading ›

Cisco Releases Security Update

Nov 15, 2017

Original release date: November 15, 2017 Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mobile Apps

Nov 14, 2017

Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information.

Continue Reading ›

Mozilla Releases Security Updates

Nov 14, 2017

Original release date: November 14, 2017 Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases November 2017 Security Updates

Nov 14, 2017

Original release date: November 14, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Nov 14, 2017

Original release date: November 14, 2017 Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Never Give Your Password Over the Phone

Nov 12, 2017

Never give your password to someone over the phone. If someone calls you and asks for your password while saying they are from the Help Desk or Tech Support team, it is an attacker attempting to gain access to your account.

Continue Reading ›

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Nov 9, 2017

Original release date: November 09, 2017 Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Joomla! Releases Security Update

Nov 7, 2017

Original release date: November 07, 2017 Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Update for Chrome

Nov 6, 2017

Original release date: November 06, 2017 Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Two-Step Verification

Nov 5, 2017

Two-step verification is one of the best steps you can take to secure any account. Two-step verification is when you require both a password and code sent to or generated by your mobile device. Examples of services that support two-step verification include Gmail, Dropbox and Twitter.

Continue Reading ›

Cisco Releases Security Update for IOS XE Software

Nov 3, 2017

Original release date: November 03, 2017 Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Lock Your Mobile Devices

Nov 1, 2017

The number one step for protecting your mobile device is making sure it has a strong passcode or password lock on it so only you can access it.

Continue Reading ›

Cisco Releases Security Updates

Nov 1, 2017

Original release date: November 01, 2017 Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-iseFirepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwrPrime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcpApplication Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicemAironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips